# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 19:15:15.328 Process: id = "1" image_name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" page_root = "0x456f5000" os_pid = "0xb04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x4b9fff monitored = 1 entry_point = 0x4a4d76 region_type = mapped_file name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe") Region: id = 128 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 271 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 272 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 273 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 274 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x4c0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 277 start_va = 0x6dcb0000 end_va = 0x6dd08fff monitored = 1 entry_point = 0x6dcc0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 278 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x630000 end_va = 0x6edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 285 start_va = 0x6f0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 286 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 287 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 288 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 289 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 290 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 291 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 292 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 293 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 294 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 295 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 296 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 297 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 298 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 299 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 300 start_va = 0x8b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 301 start_va = 0x6df40000 end_va = 0x6dfb8fff monitored = 1 entry_point = 0x6df4f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 302 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 303 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 304 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 305 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 306 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 307 start_va = 0x9c0000 end_va = 0xb47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 308 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 310 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 311 start_va = 0x8b0000 end_va = 0x964fff monitored = 1 entry_point = 0x954d76 region_type = mapped_file name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe") Region: id = 312 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 313 start_va = 0xb50000 end_va = 0xcd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 314 start_va = 0xce0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 315 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 316 start_va = 0x6df30000 end_va = 0x6df37fff monitored = 0 entry_point = 0x6df317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 317 start_va = 0x6d5f0000 end_va = 0x6dca0fff monitored = 1 entry_point = 0x6d605d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 318 start_va = 0x6ddf0000 end_va = 0x6dee4fff monitored = 0 entry_point = 0x6de44160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 319 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 320 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 321 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 322 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 323 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 324 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 325 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 326 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 327 start_va = 0x720000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 328 start_va = 0x730000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 329 start_va = 0x20e0000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 330 start_va = 0x740000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 331 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 332 start_va = 0x8b0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 333 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 334 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 335 start_va = 0x2260000 end_va = 0x425ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 336 start_va = 0x20e0000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 337 start_va = 0x2250000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 338 start_va = 0x2180000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 339 start_va = 0x4260000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 340 start_va = 0x4360000 end_va = 0x4696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 341 start_va = 0x6c3c0000 end_va = 0x6d5e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 342 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 343 start_va = 0x46a0000 end_va = 0x4730fff monitored = 0 entry_point = 0x46d8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 344 start_va = 0x73e60000 end_va = 0x73ed4fff monitored = 0 entry_point = 0x73e99a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 345 start_va = 0x46a0000 end_va = 0x486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 346 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 347 start_va = 0x21c0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 348 start_va = 0x6dd70000 end_va = 0x6ddedfff monitored = 1 entry_point = 0x6dd71140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 349 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 350 start_va = 0x21d0000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 351 start_va = 0x6ada0000 end_va = 0x6b74bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 352 start_va = 0x6ac10000 end_va = 0x6ad9cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 353 start_va = 0x69fb0000 end_va = 0x6ac08fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 354 start_va = 0x21e0000 end_va = 0x21e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 355 start_va = 0x21e0000 end_va = 0x21e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 356 start_va = 0x46a0000 end_va = 0x472efff monitored = 0 entry_point = 0x46add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 357 start_va = 0x4860000 end_va = 0x486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 358 start_va = 0x69f10000 end_va = 0x69fa1fff monitored = 0 entry_point = 0x69f1dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 359 start_va = 0x46a0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 360 start_va = 0x21f0000 end_va = 0x21f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021f0000" filename = "" Region: id = 361 start_va = 0x46a0000 end_va = 0x475bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 362 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 363 start_va = 0x21f0000 end_va = 0x21f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021f0000" filename = "" Region: id = 364 start_va = 0x2200000 end_va = 0x2203fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 365 start_va = 0x4870000 end_va = 0x4a7afff monitored = 0 entry_point = 0x491b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 366 start_va = 0x72930000 end_va = 0x72b3efff monitored = 0 entry_point = 0x729db0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 367 start_va = 0x2210000 end_va = 0x2210fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 368 start_va = 0x2220000 end_va = 0x2221fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 369 start_va = 0x4870000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 370 start_va = 0x73e40000 end_va = 0x73e5cfff monitored = 0 entry_point = 0x73e43b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 371 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 372 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 373 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 374 start_va = 0x69da0000 end_va = 0x69f0afff monitored = 0 entry_point = 0x69e0e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 375 start_va = 0x4950000 end_va = 0x4acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 376 start_va = 0x4760000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 377 start_va = 0x4950000 end_va = 0x4a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 378 start_va = 0x4ac0000 end_va = 0x4acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 379 start_va = 0x70c00000 end_va = 0x70df0fff monitored = 0 entry_point = 0x70ce3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 380 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 381 start_va = 0x47f0000 end_va = 0x4838fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 382 start_va = 0x2210000 end_va = 0x2213fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 383 start_va = 0x4ad0000 end_va = 0x5acffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 384 start_va = 0x2230000 end_va = 0x2233fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 385 start_va = 0x5ad0000 end_va = 0x5bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 386 start_va = 0x5bd0000 end_va = 0x5ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 387 start_va = 0x5cd0000 end_va = 0x61c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005cd0000" filename = "" Region: id = 388 start_va = 0x4870000 end_va = 0x492cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 389 start_va = 0x4940000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 390 start_va = 0x61d0000 end_va = 0x65cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061d0000" filename = "" Region: id = 391 start_va = 0x65d0000 end_va = 0x760ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 392 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 393 start_va = 0x7610000 end_va = 0x76abfff monitored = 1 entry_point = 0x769e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 394 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 395 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 396 start_va = 0x2240000 end_va = 0x2246fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002240000" filename = "" Region: id = 397 start_va = 0x47a0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 398 start_va = 0x76b0000 end_va = 0x77affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076b0000" filename = "" Region: id = 399 start_va = 0x4840000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 400 start_va = 0x4a50000 end_va = 0x4a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 401 start_va = 0x77b0000 end_va = 0x78affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077b0000" filename = "" Region: id = 402 start_va = 0x4840000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 403 start_va = 0x78b0000 end_va = 0x7911fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 404 start_va = 0x4840000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 405 start_va = 0x7920000 end_va = 0x799ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007920000" filename = "" Region: id = 406 start_va = 0x79a0000 end_va = 0x7a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079a0000" filename = "" Region: id = 407 start_va = 0x6c240000 end_va = 0x6c3b2fff monitored = 0 entry_point = 0x6c2ed220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 408 start_va = 0x7aa0000 end_va = 0x7b05fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007aa0000" filename = "" Region: id = 409 start_va = 0x4a90000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a90000" filename = "" Region: id = 410 start_va = 0x4a90000 end_va = 0x4a9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a90000" filename = "" Region: id = 411 start_va = 0x4aa0000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004aa0000" filename = "" Region: id = 412 start_va = 0x4ab0000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ab0000" filename = "" Region: id = 413 start_va = 0x7b10000 end_va = 0x7b75fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007b10000" filename = "" Region: id = 414 start_va = 0x4850000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 415 start_va = 0x4930000 end_va = 0x493ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 416 start_va = 0x7b80000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b80000" filename = "" Region: id = 417 start_va = 0x7b90000 end_va = 0x7b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 418 start_va = 0x7b80000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b80000" filename = "" Region: id = 419 start_va = 0x7b90000 end_va = 0x7b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 420 start_va = 0x7ba0000 end_va = 0x7baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ba0000" filename = "" Region: id = 421 start_va = 0x7bb0000 end_va = 0x7bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bb0000" filename = "" Region: id = 422 start_va = 0x7bc0000 end_va = 0x7bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bc0000" filename = "" Region: id = 423 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 424 start_va = 0x7be0000 end_va = 0x7beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007be0000" filename = "" Region: id = 425 start_va = 0x7bf0000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bf0000" filename = "" Region: id = 426 start_va = 0x7c00000 end_va = 0x7c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 427 start_va = 0x7c10000 end_va = 0x7c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c10000" filename = "" Region: id = 428 start_va = 0x7c20000 end_va = 0x7c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c20000" filename = "" Region: id = 429 start_va = 0x7c30000 end_va = 0x7c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c30000" filename = "" Region: id = 430 start_va = 0x7c40000 end_va = 0x7c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c40000" filename = "" Region: id = 431 start_va = 0x7c50000 end_va = 0x7c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c50000" filename = "" Region: id = 432 start_va = 0x7c60000 end_va = 0x7c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c60000" filename = "" Region: id = 433 start_va = 0x7c70000 end_va = 0x7c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c70000" filename = "" Region: id = 434 start_va = 0x7b80000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b80000" filename = "" Region: id = 435 start_va = 0x7b90000 end_va = 0x7b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 436 start_va = 0x7ba0000 end_va = 0x7baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ba0000" filename = "" Region: id = 437 start_va = 0x7bb0000 end_va = 0x7bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bb0000" filename = "" Region: id = 438 start_va = 0x7bc0000 end_va = 0x7bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bc0000" filename = "" Region: id = 439 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 440 start_va = 0x7be0000 end_va = 0x7beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007be0000" filename = "" Region: id = 441 start_va = 0x7bf0000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bf0000" filename = "" Region: id = 442 start_va = 0x7c00000 end_va = 0x7c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 443 start_va = 0x7c10000 end_va = 0x7c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c10000" filename = "" Region: id = 444 start_va = 0x7c20000 end_va = 0x7c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c20000" filename = "" Region: id = 445 start_va = 0x7c30000 end_va = 0x7c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c30000" filename = "" Region: id = 446 start_va = 0x7c40000 end_va = 0x7c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c40000" filename = "" Region: id = 447 start_va = 0x7c50000 end_va = 0x7c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c50000" filename = "" Region: id = 448 start_va = 0x7b80000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b80000" filename = "" Region: id = 449 start_va = 0x7b90000 end_va = 0x7b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 450 start_va = 0x7b90000 end_va = 0x7bc9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007b90000" filename = "" Region: id = 451 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 452 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 453 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 454 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 455 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 456 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 457 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 458 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 459 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 460 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 461 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 462 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 463 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 464 start_va = 0x7bd0000 end_va = 0x7bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 465 start_va = 0x7be0000 end_va = 0x7beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007be0000" filename = "" Region: id = 466 start_va = 0x7bd0000 end_va = 0x7c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 467 start_va = 0x7c10000 end_va = 0x7d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c10000" filename = "" Region: id = 468 start_va = 0x7d10000 end_va = 0x7d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d10000" filename = "" Region: id = 469 start_va = 0x7d10000 end_va = 0x7e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d10000" filename = "" Region: id = 470 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 471 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 472 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 473 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 474 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 475 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 476 start_va = 0x7e10000 end_va = 0x7e10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e10000" filename = "" Region: id = 477 start_va = 0x7e20000 end_va = 0x7e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e20000" filename = "" Region: id = 478 start_va = 0x6dd40000 end_va = 0x6dd67fff monitored = 0 entry_point = 0x6dd47820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 479 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 480 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 481 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 482 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 483 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 484 start_va = 0x6c1c0000 end_va = 0x6c230fff monitored = 0 entry_point = 0x6c2169e0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll") Region: id = 485 start_va = 0x702f0000 end_va = 0x703b7fff monitored = 0 entry_point = 0x7035ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 486 start_va = 0x6c170000 end_va = 0x6c1b8fff monitored = 0 entry_point = 0x6c176450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 487 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 488 start_va = 0x7e30000 end_va = 0x7e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 489 start_va = 0x6ea00000 end_va = 0x6eb4afff monitored = 0 entry_point = 0x6ea61660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 490 start_va = 0x7e30000 end_va = 0x7e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 491 start_va = 0x7e70000 end_va = 0x7f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e70000" filename = "" Region: id = 492 start_va = 0x7f70000 end_va = 0x7f70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f70000" filename = "" Region: id = 493 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 494 start_va = 0x700d0000 end_va = 0x702ebfff monitored = 0 entry_point = 0x7029bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 495 start_va = 0x7f80000 end_va = 0x7f80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f80000" filename = "" Region: id = 496 start_va = 0x7f90000 end_va = 0x7fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f90000" filename = "" Region: id = 497 start_va = 0x7fd0000 end_va = 0x80cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 498 start_va = 0x80d0000 end_va = 0x80d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 499 start_va = 0x80e0000 end_va = 0x8124fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 500 start_va = 0x8130000 end_va = 0x8133fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 501 start_va = 0x8140000 end_va = 0x81cdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 502 start_va = 0x81d0000 end_va = 0x81d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000081d0000" filename = "" Region: id = 503 start_va = 0x81e0000 end_va = 0x81e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000081e0000" filename = "" Region: id = 504 start_va = 0x81f0000 end_va = 0x85eafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000081f0000" filename = "" Region: id = 505 start_va = 0x85f0000 end_va = 0x862ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085f0000" filename = "" Region: id = 506 start_va = 0x8630000 end_va = 0x872ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008630000" filename = "" Region: id = 507 start_va = 0x8730000 end_va = 0x8733fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 508 start_va = 0x8740000 end_va = 0x8752fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 509 start_va = 0x8760000 end_va = 0x8760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008760000" filename = "" Region: id = 510 start_va = 0x71380000 end_va = 0x714fdfff monitored = 0 entry_point = 0x713fc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 511 start_va = 0x736e0000 end_va = 0x739aafff monitored = 0 entry_point = 0x7391c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 512 start_va = 0x8730000 end_va = 0x8730fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008730000" filename = "" Region: id = 531 start_va = 0x8770000 end_va = 0x877ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008770000" filename = "" Region: id = 532 start_va = 0x8780000 end_va = 0x878ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008780000" filename = "" Region: id = 533 start_va = 0x8790000 end_va = 0x879ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008790000" filename = "" Region: id = 587 start_va = 0x8770000 end_va = 0x87affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008770000" filename = "" Region: id = 588 start_va = 0x87b0000 end_va = 0x88affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087b0000" filename = "" Region: id = 589 start_va = 0x88b0000 end_va = 0x88effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088b0000" filename = "" Region: id = 590 start_va = 0x88f0000 end_va = 0x89effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088f0000" filename = "" Thread: id = 1 os_tid = 0x484 [0062.918] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0063.522] RoInitialize () returned 0x1 [0063.522] RoUninitialize () returned 0x0 [0065.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0065.337] IsAppThemed () returned 0x1 [0065.341] CoTaskMemAlloc (cb=0xf0) returned 0x5546b0 [0065.341] CreateActCtxA (pActCtx=0x19f414) returned 0x5548a4 [0065.417] CoTaskMemFree (pv=0x5546b0) [0065.437] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1de [0065.437] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1df [0065.458] GetSystemMetrics (nIndex=75) returned 1 [0065.467] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0066.117] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x69f10000 [0066.355] AdjustWindowRectEx (in: lpRect=0x19f470, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f470) returned 1 [0066.359] GetCurrentProcess () returned 0xffffffff [0066.359] GetCurrentThread () returned 0xfffffffe [0066.359] GetCurrentProcess () returned 0xffffffff [0066.359] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f388, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f388*=0x264) returned 1 [0066.362] GetCurrentThreadId () returned 0x484 [0066.390] GetCurrentActCtx (in: lphActCtx=0x19f2e8 | out: lphActCtx=0x19f2e8*=0x0) returned 1 [0066.390] ActivateActCtx (in: hActCtx=0x5548a4, lpCookie=0x19f2f8 | out: hActCtx=0x5548a4, lpCookie=0x19f2f8) returned 1 [0066.390] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0067.224] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72930000 [0067.238] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0067.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f1b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x1ajïØÄO «_mhö\x19", lpUsedDefaultChar=0x0) returned 14 [0067.239] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x73f107e0 [0067.240] GetStockObject (i=5) returned 0x1900015 [0067.270] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0067.275] CoTaskMemAlloc (cb=0x5c) returned 0x55a750 [0067.275] RegisterClassW (lpWndClass=0x19f1a0) returned 0xc1da [0067.276] CoTaskMemFree (pv=0x55a750) [0067.276] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0067.277] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x3036e [0067.278] SetWindowLongW (hWnd=0x3036e, nIndex=-4, dwNewLong=1945176032) returned 76809662 [0067.279] GetWindowLongW (hWnd=0x3036e, nIndex=-4) returned 1945176032 [0067.296] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9fc | out: phkResult=0x19e9fc*=0x288) returned 0x0 [0067.297] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ea1c, lpData=0x0, lpcbData=0x19ea18*=0x0 | out: lpType=0x19ea1c*=0x0, lpData=0x0, lpcbData=0x19ea18*=0x0) returned 0x2 [0067.297] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ea1c, lpData=0x0, lpcbData=0x19ea18*=0x0 | out: lpType=0x19ea1c*=0x0, lpData=0x0, lpcbData=0x19ea18*=0x0) returned 0x2 [0067.297] RegCloseKey (hKey=0x288) returned 0x0 [0067.299] SetWindowLongW (hWnd=0x3036e, nIndex=-4, dwNewLong=76809702) returned 1945176032 [0067.299] GetWindowLongW (hWnd=0x3036e, nIndex=-4) returned 76809702 [0067.299] GetWindowLongW (hWnd=0x3036e, nIndex=-16) returned 113311744 [0067.300] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc161 [0067.301] CallWindowProcW (lpPrevWndFunc=0x73f107e0, hWnd=0x3036e, Msg=0x24, wParam=0x0, lParam=0x19ed14) returned 0x0 [0067.301] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc0ea [0067.302] CallWindowProcW (lpPrevWndFunc=0x73f107e0, hWnd=0x3036e, Msg=0x81, wParam=0x0, lParam=0x19ed08) returned 0x1 [0067.302] CallWindowProcW (lpPrevWndFunc=0x73f107e0, hWnd=0x3036e, Msg=0x83, wParam=0x0, lParam=0x19ecf4) returned 0x0 [0067.599] CallWindowProcW (lpPrevWndFunc=0x73f107e0, hWnd=0x3036e, Msg=0x1, wParam=0x0, lParam=0x19ed08) returned 0x0 [0067.599] GetClientRect (in: hWnd=0x3036e, lpRect=0x19ea34 | out: lpRect=0x19ea34) returned 1 [0067.600] GetWindowRect (in: hWnd=0x3036e, lpRect=0x19ea34 | out: lpRect=0x19ea34) returned 1 [0067.602] GetParent (hWnd=0x3036e) returned 0x0 [0067.602] DeactivateActCtx (dwFlags=0x0, ulCookie=0x11770001) returned 1 [0067.805] GetSystemDefaultLCID () returned 0x409 [0067.806] GetStockObject (i=17) returned 0x10a0047 [0067.808] GetObjectW (in: h=0x10a0047, c=92, pv=0x19f1f0 | out: pv=0x19f1f0) returned 92 [0067.809] GetDC (hWnd=0x0) returned 0xb010541 [0068.438] GdiplusStartup (in: token=0x6f63f8, input=0x19e7b8, output=0x19e808 | out: token=0x6f63f8, output=0x19e808) returned 0x0 [0068.450] CoTaskMemAlloc (cb=0x5c) returned 0x55ac98 [0068.451] GdipCreateFontFromLogfontW (hdc=0xb010541, logfont=0x55ac98, font=0x19f2b8) returned 0x0 [0069.450] CoTaskMemFree (pv=0x55ac98) [0069.451] CoTaskMemAlloc (cb=0x5c) returned 0x55a750 [0069.451] CoTaskMemFree (pv=0x55a750) [0069.452] CoTaskMemAlloc (cb=0x5c) returned 0x55a9c0 [0069.452] CoTaskMemFree (pv=0x55a9c0) [0069.452] GdipGetFontUnit (font=0x4ac1f08, unit=0x19f284) returned 0x0 [0069.452] GdipGetFontSize (font=0x4ac1f08, size=0x19f288) returned 0x0 [0069.452] GdipGetFontStyle (font=0x4ac1f08, style=0x19f280) returned 0x0 [0069.452] GdipGetFamily (font=0x4ac1f08, family=0x19f27c) returned 0x0 [0069.453] GdipGetFontSize (font=0x4ac1f08, size=0x22797f8) returned 0x0 [0069.453] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0069.453] GetDC (hWnd=0x0) returned 0x4010197 [0069.454] GdipCreateFromHDC (hdc=0x4010197, graphics=0x19f2a4) returned 0x0 [0069.479] GdipGetDpiY (graphics=0x5bdf268, dpi=0x2279900) returned 0x0 [0069.479] GdipGetFontHeight (font=0x4ac1f08, graphics=0x5bdf268, height=0x19f29c) returned 0x0 [0069.479] GdipGetEmHeight (family=0x5bd4890, style=0, EmHeight=0x19f2a4) returned 0x0 [0069.479] GdipGetLineSpacing (family=0x5bd4890, style=0, LineSpacing=0x19f2a4) returned 0x0 [0069.479] GdipDeleteGraphics (graphics=0x5bdf268) returned 0x0 [0069.480] ReleaseDC (hWnd=0x0, hDC=0x4010197) returned 1 [0069.481] GdipCreateFont (fontFamily=0x5bd4890, emSize=0x41040000, style=0, unit=0x3, font=0x22798c0) returned 0x0 [0069.481] GdipGetFontSize (font=0x4acefc0, size=0x22798c4) returned 0x0 [0069.481] GdipDeleteFont (font=0x4ac1f08) returned 0x0 [0069.481] GetDC (hWnd=0x0) returned 0x4010197 [0069.481] GdipCreateFromHDC (hdc=0x4010197, graphics=0x19f308) returned 0x0 [0069.481] GdipGetFontHeight (font=0x4acefc0, graphics=0x5bdf268, height=0x19f300) returned 0x0 [0069.481] GdipDeleteGraphics (graphics=0x5bdf268) returned 0x0 [0069.482] ReleaseDC (hWnd=0x0, hDC=0x4010197) returned 1 [0069.483] GetSystemMetrics (nIndex=5) returned 1 [0069.483] GetSystemMetrics (nIndex=6) returned 1 [0069.484] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.485] AdjustWindowRectEx (in: lpRect=0x19f430, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f430) returned 1 [0069.485] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.485] AdjustWindowRectEx (in: lpRect=0x19f430, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f430) returned 1 [0069.486] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.487] AdjustWindowRectEx (in: lpRect=0x19f434, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f434) returned 1 [0069.487] GetSystemMetrics (nIndex=5) returned 1 [0069.487] GetSystemMetrics (nIndex=6) returned 1 [0069.488] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.488] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f394) returned 1 [0069.490] GetSystemMetrics (nIndex=5) returned 1 [0069.490] GetSystemMetrics (nIndex=6) returned 1 [0069.490] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.490] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f394) returned 1 [0069.492] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.492] AdjustWindowRectEx (in: lpRect=0x19f3c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f3c0) returned 1 [0069.504] GetProcessWindowStation () returned 0xf0 [0069.506] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x227a508, nLength=0xc, lpnLengthNeeded=0x19f29c | out: pvInfo=0x227a508, lpnLengthNeeded=0x19f29c) returned 1 [0069.558] SetConsoleCtrlHandler (HandlerRoutine=0x494060e, Add=1) returned 1 [0069.558] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0069.559] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0069.560] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x227a56c | out: lpWndClass=0x227a56c) returned 0 [0069.562] CoTaskMemAlloc (cb=0x58) returned 0x5573f0 [0069.562] RegisterClassW (lpWndClass=0x19f1ec) returned 0xc14e [0069.562] CoTaskMemFree (pv=0x5573f0) [0069.563] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x5029a [0069.589] NtdllDefWindowProc_W (hWnd=0x5029a, Msg=0x81, wParam=0x0, lParam=0x19ed28) returned 0x1 [0069.592] NtdllDefWindowProc_W (hWnd=0x5029a, Msg=0x83, wParam=0x0, lParam=0x19ed14) returned 0x0 [0069.592] NtdllDefWindowProc_W (hWnd=0x5029a, Msg=0x1, wParam=0x0, lParam=0x19ed28) returned 0x0 [0069.592] NtdllDefWindowProc_W (hWnd=0x5029a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0069.592] NtdllDefWindowProc_W (hWnd=0x5029a, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0069.602] GetSysColor (nIndex=10) returned 0xb4b4b4 [0069.603] GetSysColor (nIndex=2) returned 0xd1b499 [0069.603] GetSysColor (nIndex=9) returned 0x0 [0069.603] GetSysColor (nIndex=12) returned 0xababab [0069.603] GetSysColor (nIndex=15) returned 0xf0f0f0 [0069.603] GetSysColor (nIndex=20) returned 0xffffff [0069.603] GetSysColor (nIndex=16) returned 0xa0a0a0 [0069.603] GetSysColor (nIndex=15) returned 0xf0f0f0 [0069.603] GetSysColor (nIndex=16) returned 0xa0a0a0 [0069.603] GetSysColor (nIndex=21) returned 0x696969 [0069.603] GetSysColor (nIndex=22) returned 0xe3e3e3 [0069.603] GetSysColor (nIndex=20) returned 0xffffff [0069.603] GetSysColor (nIndex=18) returned 0x0 [0069.603] GetSysColor (nIndex=1) returned 0x0 [0069.603] GetSysColor (nIndex=27) returned 0xead1b9 [0069.603] GetSysColor (nIndex=28) returned 0xf2e4d7 [0069.603] GetSysColor (nIndex=17) returned 0x6d6d6d [0069.603] GetSysColor (nIndex=13) returned 0xff9933 [0069.603] GetSysColor (nIndex=14) returned 0xffffff [0069.603] GetSysColor (nIndex=26) returned 0xcc6600 [0069.603] GetSysColor (nIndex=11) returned 0xfcf7f4 [0069.603] GetSysColor (nIndex=3) returned 0xdbcdbf [0069.603] GetSysColor (nIndex=19) returned 0x0 [0069.603] GetSysColor (nIndex=24) returned 0xe1ffff [0069.603] GetSysColor (nIndex=23) returned 0x0 [0069.603] GetSysColor (nIndex=4) returned 0xf0f0f0 [0069.603] GetSysColor (nIndex=30) returned 0xf0f0f0 [0069.603] GetSysColor (nIndex=29) returned 0xff9933 [0069.603] GetSysColor (nIndex=7) returned 0x0 [0069.604] GetSysColor (nIndex=0) returned 0xc8c8c8 [0069.604] GetSysColor (nIndex=5) returned 0xffffff [0069.604] GetSysColor (nIndex=6) returned 0x646464 [0069.604] GetSysColor (nIndex=8) returned 0x0 [0069.604] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.604] AdjustWindowRectEx (in: lpRect=0x19f3c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f3c0) returned 1 [0069.607] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.607] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f394) returned 1 [0069.608] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.608] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f394) returned 1 [0069.610] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.610] AdjustWindowRectEx (in: lpRect=0x19f400, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f400) returned 1 [0069.610] GetSystemMetrics (nIndex=59) returned 1456 [0069.610] GetSystemMetrics (nIndex=60) returned 916 [0069.610] GetSystemMetrics (nIndex=34) returned 136 [0069.610] GetSystemMetrics (nIndex=35) returned 39 [0069.611] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.611] AdjustWindowRectEx (in: lpRect=0x19f300, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f300) returned 1 [0069.611] GetCurrentThreadId () returned 0x484 [0069.611] GetCurrentThreadId () returned 0x484 [0069.613] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.613] AdjustWindowRectEx (in: lpRect=0x19f1f0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1f0) returned 1 [0069.618] GdipGetFamilyName (in: family=0x5bd4890, name=0x19f0e0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0069.619] CreateCompatibleDC (hdc=0x0) returned 0x1b0109b5 [0069.620] GetCurrentObject (hdc=0x1b0109b5, type=0x1) returned 0x1b00017 [0069.620] GetCurrentObject (hdc=0x1b0109b5, type=0x2) returned 0x1900010 [0069.620] GetCurrentObject (hdc=0x1b0109b5, type=0x7) returned 0x185000f [0069.620] GetCurrentObject (hdc=0x1b0109b5, type=0x6) returned 0x18a0048 [0069.622] SaveDC (hdc=0x1b0109b5) returned 1 [0069.622] GetDeviceCaps (hdc=0x1b0109b5, index=90) returned 96 [0069.622] CoTaskMemAlloc (cb=0x5c) returned 0x55a6e8 [0069.622] CreateFontIndirectW (lplf=0x55a6e8) returned 0x320a097d [0069.623] CoTaskMemFree (pv=0x55a6e8) [0069.623] GetObjectW (in: h=0x320a097d, c=92, pv=0x19f0b8 | out: pv=0x19f0b8) returned 92 [0069.623] GetCurrentObject (hdc=0x1b0109b5, type=0x6) returned 0x18a0048 [0069.623] GetObjectW (in: h=0x18a0048, c=92, pv=0x19f010 | out: pv=0x19f010) returned 92 [0069.623] SelectObject (hdc=0x1b0109b5, h=0x320a097d) returned 0x18a0048 [0069.624] GetMapMode (hdc=0x1b0109b5) returned 1 [0069.624] GetTextMetricsW (in: hdc=0x1b0109b5, lptm=0x19f0c4 | out: lptm=0x19f0c4) returned 1 [0069.626] DrawTextExW (in: hdc=0x1b0109b5, lpchText="웹 페이지에 나와있는 7자리 숫자를 입력 해주세요.", cchText=28, lprc=0x19f1d8, format=0x2400, lpdtp=0x227b108 | out: lpchText="웹 페이지에 나와있는 7자리 숫자를 입력 해주세요.", lprc=0x19f1d8) returned 13 [0069.841] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x69f10000 [0069.841] AdjustWindowRectEx (in: lpRect=0x19f2c4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2c4) returned 1 [0103.682] EtwEventRegister (in: ProviderId=0x235c518, EnableCallback=0x494065e, CallbackContext=0x0, RegHandle=0x235c4f4 | out: RegHandle=0x235c4f4) returned 0x0 [0103.689] EtwEventSetInformation (RegHandle=0x548cb0, InformationClass=0x2c, EventInformation=0x2, InformationLength=0x235c488) returned 0x0 [0103.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", nBufferLength=0x105, lpBuffer=0x19e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", lpFilePart=0x0) returned 0x69 [0103.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ec70) returned 1 [0103.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19ecec | out: lpFileInformation=0x19ecec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0103.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ec6c) returned 1 [0104.008] GdipLoadImageFromStream (stream=0x4840030, image=0x19e960) returned 0x0 [0104.257] GdipImageForceValidation (image=0x5bdf268) returned 0x0 [0104.270] GdipGetImageType (image=0x5bdf268, type=0x19e95c) returned 0x0 [0104.270] GdipGetImageRawFormat (image=0x5bdf268, format=0x19e8dc*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0104.291] GdipGetImageWidth (image=0x5bdf268, width=0x19eeb8) returned 0x0 [0104.292] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.293] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.293] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=0, color=0x19eea4) returned 0x0 [0104.299] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.299] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.299] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=1, color=0x19eea4) returned 0x0 [0104.299] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.299] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.299] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=2, color=0x19eea4) returned 0x0 [0104.299] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.299] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.299] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=3, color=0x19eea4) returned 0x0 [0104.299] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.299] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.299] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=4, color=0x19eea4) returned 0x0 [0104.299] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.299] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.299] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=5, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=6, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=7, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=8, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=9, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=10, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=11, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=12, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.300] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.300] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=13, color=0x19eea4) returned 0x0 [0104.300] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=14, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=15, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=16, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=17, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=18, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=19, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=20, color=0x19eea4) returned 0x0 [0104.301] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.301] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.301] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=21, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=22, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=23, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=24, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=25, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=26, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=27, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.302] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=28, color=0x19eea4) returned 0x0 [0104.302] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.302] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=29, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=30, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=31, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=32, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=33, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=34, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=35, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.303] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.303] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=36, color=0x19eea4) returned 0x0 [0104.303] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=37, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=38, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=39, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=40, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=41, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=42, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=43, color=0x19eea4) returned 0x0 [0104.304] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.304] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.304] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=44, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=45, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=46, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=47, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=48, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=49, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=50, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.305] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=51, color=0x19eea4) returned 0x0 [0104.305] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.305] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=52, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=53, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=54, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=55, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=56, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=57, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=58, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.306] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=59, color=0x19eea4) returned 0x0 [0104.306] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.306] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=60, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=61, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=62, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=63, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=64, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=65, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=66, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=67, color=0x19eea4) returned 0x0 [0104.307] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.307] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.307] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=68, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.308] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.308] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=69, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.308] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.308] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=70, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.308] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.308] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=71, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.308] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.308] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=72, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.308] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.308] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=73, color=0x19eea4) returned 0x0 [0104.308] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=74, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=75, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=76, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=77, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=78, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=79, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=80, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.309] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=81, color=0x19eea4) returned 0x0 [0104.309] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.309] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=82, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=83, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=84, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=85, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=86, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=87, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=88, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=89, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=90, color=0x19eea4) returned 0x0 [0104.310] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.310] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.310] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=91, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=92, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=93, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=94, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=95, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=96, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=97, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=98, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=99, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.311] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=100, color=0x19eea4) returned 0x0 [0104.311] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.311] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=101, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=102, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=103, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=104, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=105, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=106, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=107, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=108, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=109, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.312] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.312] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=110, color=0x19eea4) returned 0x0 [0104.312] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=111, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=112, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=113, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=114, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=115, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=116, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=117, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=118, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.313] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=119, color=0x19eea4) returned 0x0 [0104.313] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.313] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=120, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=121, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=122, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=123, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=124, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=125, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=126, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=127, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=128, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.314] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.314] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=129, color=0x19eea4) returned 0x0 [0104.314] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=130, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=131, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=132, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=133, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=134, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=135, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=136, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=137, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=138, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.315] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.315] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=139, color=0x19eea4) returned 0x0 [0104.315] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=140, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=141, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=142, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=143, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=144, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=145, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=146, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=147, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=148, color=0x19eea4) returned 0x0 [0104.316] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.316] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.316] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=149, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=150, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=151, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=152, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=153, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=154, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=155, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=156, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=157, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=158, color=0x19eea4) returned 0x0 [0104.317] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.317] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.317] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=159, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=160, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=161, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=162, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=163, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=164, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=165, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=166, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=167, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.318] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=168, color=0x19eea4) returned 0x0 [0104.318] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.318] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=169, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=170, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=171, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=172, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=173, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=174, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=175, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=176, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=177, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.319] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.319] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=178, color=0x19eea4) returned 0x0 [0104.319] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=179, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=180, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=181, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=182, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=183, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=184, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=185, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=186, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=187, color=0x19eea4) returned 0x0 [0104.320] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.320] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.320] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=188, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=189, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=190, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=191, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=192, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=193, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=194, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=195, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=196, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.321] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=197, color=0x19eea4) returned 0x0 [0104.321] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.321] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=198, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=199, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=200, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=201, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=202, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=203, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=204, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=205, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=206, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.322] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.322] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=207, color=0x19eea4) returned 0x0 [0104.322] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=208, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=209, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=210, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=211, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=212, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=213, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=214, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.323] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=215, color=0x19eea4) returned 0x0 [0104.323] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.323] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=216, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=217, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=218, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=219, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=220, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=221, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.324] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=222, color=0x19eea4) returned 0x0 [0104.324] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.324] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=223, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=224, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=225, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=226, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=227, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=228, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=229, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=230, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.325] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=231, color=0x19eea4) returned 0x0 [0104.325] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.325] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=232, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=233, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=234, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=235, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=236, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=237, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=238, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=239, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.326] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.326] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=240, color=0x19eea4) returned 0x0 [0104.326] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=241, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=242, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=243, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=244, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=245, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=246, color=0x19eea4) returned 0x0 [0104.327] GdipGetImageWidth (image=0x5bdf268, width=0x19ee94) returned 0x0 [0104.327] GdipGetImageHeight (image=0x5bdf268, height=0x19ee94) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=247, color=0x19eea4) returned 0x0 [0104.327] GdipBitmapGetPixel (bitmap=0x5bdf268, x=0, y=248, color=0x19eea4) returned 0x0 [0105.459] CoTaskMemAlloc (cb=0xd) returned 0x56dd48 [0105.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295210, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.463] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.463] CoTaskMemFree (pv=0x56dd48) [0105.470] CoTaskMemAlloc (cb=0x11) returned 0x543288 [0105.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x2295248, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0105.470] GetProcAddress (hModule=0x74530000, lpProcName="ResumeThread") returned 0x7454a800 [0105.471] CoTaskMemFree (pv=0x543288) [0105.477] CoTaskMemAlloc (cb=0xd) returned 0x56dc28 [0105.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295320, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.477] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.477] CoTaskMemFree (pv=0x56dc28) [0105.477] CoTaskMemAlloc (cb=0x1a) returned 0x586ba8 [0105.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x2295358, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0105.477] GetProcAddress (hModule=0x74530000, lpProcName="Wow64SetThreadContext") returned 0x74573e60 [0105.477] CoTaskMemFree (pv=0x586ba8) [0105.482] CoTaskMemAlloc (cb=0xd) returned 0x56dca0 [0105.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295424, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.482] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.482] CoTaskMemFree (pv=0x56dca0) [0105.482] CoTaskMemAlloc (cb=0x15) returned 0x542fc8 [0105.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x229545c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0105.483] GetProcAddress (hModule=0x74530000, lpProcName="SetThreadContext") returned 0x74572490 [0105.483] CoTaskMemFree (pv=0x542fc8) [0105.484] CoTaskMemAlloc (cb=0xd) returned 0x56dc58 [0105.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295524, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.484] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.484] CoTaskMemFree (pv=0x56dc58) [0105.484] CoTaskMemAlloc (cb=0x1a) returned 0x586a18 [0105.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x229555c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0105.485] GetProcAddress (hModule=0x74530000, lpProcName="Wow64GetThreadContext") returned 0x74573e30 [0105.485] CoTaskMemFree (pv=0x586a18) [0105.486] CoTaskMemAlloc (cb=0xd) returned 0x56de80 [0105.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295628, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.486] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.486] CoTaskMemFree (pv=0x56de80) [0105.486] CoTaskMemAlloc (cb=0x15) returned 0x542f68 [0105.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x2295660, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0105.487] GetProcAddress (hModule=0x74530000, lpProcName="GetThreadContext") returned 0x7454ec60 [0105.487] CoTaskMemFree (pv=0x542f68) [0105.488] CoTaskMemAlloc (cb=0xd) returned 0x56de50 [0105.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x229571c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.488] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.488] CoTaskMemFree (pv=0x56de50) [0105.488] CoTaskMemAlloc (cb=0x13) returned 0x542f68 [0105.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x2295754, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0105.489] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAllocEx") returned 0x74572730 [0105.489] CoTaskMemFree (pv=0x542f68) [0105.492] CoTaskMemAlloc (cb=0xd) returned 0x56de80 [0105.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295810, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.493] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.493] CoTaskMemFree (pv=0x56de80) [0105.493] CoTaskMemAlloc (cb=0x17) returned 0x5431a8 [0105.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x2295848, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0105.493] GetProcAddress (hModule=0x74530000, lpProcName="WriteProcessMemory") returned 0x74572850 [0105.493] CoTaskMemFree (pv=0x5431a8) [0105.501] CoTaskMemAlloc (cb=0xd) returned 0x56dd30 [0105.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x229590c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.501] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.501] CoTaskMemFree (pv=0x56dd30) [0105.501] CoTaskMemAlloc (cb=0x16) returned 0x5430e8 [0105.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x2295944, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0105.501] GetProcAddress (hModule=0x74530000, lpProcName="ReadProcessMemory") returned 0x74571c80 [0105.501] CoTaskMemFree (pv=0x5430e8) [0105.506] CoTaskMemAlloc (cb=0xa) returned 0x56dbc8 [0105.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2295a04, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0105.506] LoadLibraryA (lpLibFileName="ntdll") returned 0x77260000 [0105.506] CoTaskMemFree (pv=0x56dbc8) [0105.506] CoTaskMemAlloc (cb=0x19) returned 0x586d38 [0105.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x2295a30, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0105.506] GetProcAddress (hModule=0x77260000, lpProcName="ZwUnmapViewOfSection") returned 0x772d6f40 [0105.506] CoTaskMemFree (pv=0x586d38) [0105.509] CoTaskMemAlloc (cb=0xd) returned 0x56dd00 [0105.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2295af8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0105.509] LoadLibraryA (lpLibFileName="kernel32") returned 0x74530000 [0105.510] CoTaskMemFree (pv=0x56dd00) [0105.510] CoTaskMemAlloc (cb=0x13) returned 0x543168 [0105.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2295b30, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0105.510] GetProcAddress (hModule=0x74530000, lpProcName="CreateProcessA") returned 0x74570750 [0105.510] CoTaskMemFree (pv=0x543168) [0105.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", nBufferLength=0x105, lpBuffer=0x19e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpFilePart=0x0) returned 0x62 [0105.535] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="mLNPTFHTEO") returned 0x0 [0105.560] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="mLNPTFHTEO") returned 0x2d8 [0110.197] CoTaskMemAlloc (cb=0x20c) returned 0x588b18 [0110.198] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x588b18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0110.206] CoTaskMemFree (pv=0x588b18) [0110.207] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0110.214] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0110.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e9b4) returned 1 [0110.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xlpvvrzhctudf.exe"), fInfoLevelId=0x0, lpFileInformation=0x19ea30 | out: lpFileInformation=0x19ea30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e9b0) returned 1 [0110.224] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0110.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0110.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e444, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0110.245] SetNamedSecurityInfoW () returned 0x2 [0110.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", nBufferLength=0x105, lpBuffer=0x19e50c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpFilePart=0x0) returned 0x62 [0110.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e50c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0110.536] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xlpvvrzhctudf.exe"), bFailIfExists=1) returned 1 [0111.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0111.522] GetUserNameW (in: lpBuffer=0x19e758, pcbBuffer=0x19e9d0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19e9d0) returned 1 [0111.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e42c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0111.532] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", dwFileAttributes=0x2007) returned 1 [0111.541] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.543] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.544] CoTaskMemAlloc (cb=0x1a) returned 0x586fb8 [0111.545] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.548] CoTaskMemFree (pv=0x586fb8) [0111.548] CoTaskMemFree (pv=0x55c520) [0111.557] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.557] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.557] LsaFreeMemory (Buffer=0x583730) returned 0x0 [0111.558] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.558] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.558] CoTaskMemAlloc (cb=0x1a) returned 0x586f18 [0111.558] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.559] CoTaskMemFree (pv=0x586f18) [0111.559] CoTaskMemFree (pv=0x55c520) [0111.559] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.559] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.559] LsaFreeMemory (Buffer=0x583b50) returned 0x0 [0111.559] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7f4, DesiredAccess=0x800, PolicyHandle=0x19e7b4 | out: PolicyHandle=0x19e7b4) returned 0x0 [0111.560] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.560] CoTaskMemAlloc (cb=0x1a) returned 0x587080 [0111.560] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7c8, Sids=0x19e7bc | out: ReferencedDomains=0x19e7c8, Sids=0x19e7bc) returned 0x0 [0111.560] CoTaskMemFree (pv=0x587080) [0111.560] CoTaskMemFree (pv=0x55c520) [0111.560] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.561] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.561] LsaFreeMemory (Buffer=0x583c58) returned 0x0 [0111.561] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.561] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.561] CoTaskMemAlloc (cb=0x1a) returned 0x5871c0 [0111.561] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.562] CoTaskMemFree (pv=0x5871c0) [0111.562] CoTaskMemFree (pv=0x55c520) [0111.562] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.562] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.562] LsaFreeMemory (Buffer=0x583ba8) returned 0x0 [0111.563] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.563] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.563] CoTaskMemAlloc (cb=0x1a) returned 0x5870d0 [0111.563] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.564] CoTaskMemFree (pv=0x5870d0) [0111.564] CoTaskMemFree (pv=0x55c520) [0111.564] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.564] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.564] LsaFreeMemory (Buffer=0x583fc8) returned 0x0 [0111.564] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.564] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.565] CoTaskMemAlloc (cb=0x1a) returned 0x5871c0 [0111.565] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.565] CoTaskMemFree (pv=0x5871c0) [0111.565] CoTaskMemFree (pv=0x55c520) [0111.565] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.566] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.566] LsaFreeMemory (Buffer=0x583680) returned 0x0 [0111.566] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.566] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.566] CoTaskMemAlloc (cb=0x1a) returned 0x586fb8 [0111.566] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.567] CoTaskMemFree (pv=0x586fb8) [0111.567] CoTaskMemFree (pv=0x55c520) [0111.567] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.567] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.567] LsaFreeMemory (Buffer=0x583680) returned 0x0 [0111.567] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7f4, DesiredAccess=0x800, PolicyHandle=0x19e7b4 | out: PolicyHandle=0x19e7b4) returned 0x0 [0111.567] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.567] CoTaskMemAlloc (cb=0x1a) returned 0x586f68 [0111.567] LsaLookupNames2 (in: PolicyHandle=0x543188, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7c8, Sids=0x19e7bc | out: ReferencedDomains=0x19e7c8, Sids=0x19e7bc) returned 0x0 [0111.568] CoTaskMemFree (pv=0x586f68) [0111.568] CoTaskMemFree (pv=0x55c520) [0111.568] LsaClose (ObjectHandle=0x543188) returned 0x0 [0111.568] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.568] LsaFreeMemory (Buffer=0x5837e0) returned 0x0 [0111.568] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e7e0, DesiredAccess=0x800, PolicyHandle=0x19e7a0 | out: PolicyHandle=0x19e7a0) returned 0x0 [0111.568] CoTaskMemAlloc (cb=0x8) returned 0x55c520 [0111.568] CoTaskMemAlloc (cb=0x1a) returned 0x586f68 [0111.568] LsaLookupNames2 (in: PolicyHandle=0x5430e8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e7b4, Sids=0x19e7a8 | out: ReferencedDomains=0x19e7b4, Sids=0x19e7a8) returned 0x0 [0111.569] CoTaskMemFree (pv=0x586f68) [0111.569] CoTaskMemFree (pv=0x55c520) [0111.569] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.569] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.569] LsaFreeMemory (Buffer=0x583cb0) returned 0x0 [0111.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0111.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0111.569] SetNamedSecurityInfoW () returned 0x0 [0111.633] GetCurrentProcess () returned 0xffffffff [0111.633] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e93c | out: TokenHandle=0x19e93c*=0x3b0) returned 1 [0111.637] GetCurrentProcess () returned 0xffffffff [0111.637] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e90c | out: TokenHandle=0x19e90c*=0x3b4) returned 1 [0111.637] GetTokenInformation (in: TokenHandle=0x3b0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e940 | out: TokenInformation=0x0, ReturnLength=0x19e940) returned 0 [0111.638] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x58b378 [0111.638] GetTokenInformation (in: TokenHandle=0x3b0, TokenInformationClass=0x1, TokenInformation=0x58b378, TokenInformationLength=0x24, ReturnLength=0x19e940 | out: TokenInformation=0x58b378, ReturnLength=0x19e940) returned 1 [0111.638] LocalFree (hMem=0x58b378) returned 0x0 [0111.638] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e860, DesiredAccess=0x800, PolicyHandle=0x19e820 | out: PolicyHandle=0x19e820) returned 0x0 [0111.638] LsaLookupSids (in: PolicyHandle=0x5430e8, Count=0x1, Sids=0x231f280*=0x231f224*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19e83c, Names=0x19e830 | out: ReferencedDomains=0x19e83c, Names=0x19e830) returned 0x0 [0111.639] LsaClose (ObjectHandle=0x5430e8) returned 0x0 [0111.640] LsaFreeMemory (Buffer=0x55aa90) returned 0x0 [0111.640] LsaFreeMemory (Buffer=0x5affc8) returned 0x0 [0111.642] CoTaskMemAlloc (cb=0x20c) returned 0x588b18 [0111.642] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x588b18 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0111.642] CoTaskMemFree (pv=0x588b18) [0111.642] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19e47c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0111.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0111.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0111.643] CoTaskMemAlloc (cb=0x20c) returned 0x588b18 [0111.643] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x588b18 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp43d6.tmp")) returned 0x43d6 [0111.644] CoTaskMemFree (pv=0x588b18) [0111.650] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", nBufferLength=0x105, lpBuffer=0x19e334, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", lpFilePart=0x0) returned 0x34 [0111.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e828) returned 1 [0111.650] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp43d6.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b8 [0111.651] GetFileType (hFile=0x3b8) returned 0x1 [0111.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e824) returned 1 [0111.651] GetFileType (hFile=0x3b8) returned 0x1 [0111.652] WriteFile (in: hFile=0x3b8, lpBuffer=0x23233ac*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x19e8c0, lpOverlapped=0x0 | out: lpBuffer=0x23233ac*, lpNumberOfBytesWritten=0x19e8c0*=0x66f, lpOverlapped=0x0) returned 1 [0111.653] CloseHandle (hObject=0x3b8) returned 1 [0111.672] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x5870f8 [0111.672] LocalAlloc (uFlags=0x0, uBytes=0xc0) returned 0x582fd0 [0111.673] ShellExecuteExW (in: pExecInfo=0x2324740*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2324740*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4d8)) returned 1 [0114.237] LocalFree (hMem=0x5870f8) returned 0x0 [0114.237] LocalFree (hMem=0x582fd0) returned 0x0 [0114.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", nBufferLength=0x105, lpBuffer=0x19e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", lpFilePart=0x0) returned 0x34 [0114.241] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp43d6.tmp")) returned 1 [0114.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", cchWideChar=98, lpMultiByteStr=0x19e634, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe¸\x07ïØÄO «_m|î\x19", lpUsedDefaultChar=0x0) returned 98 [0114.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19e630, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$@¸\x07C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpUsedDefaultChar=0x0) returned 0 [0114.334] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e6f4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e9fc | out: lpCommandLine="", lpProcessInformation=0x19e9fc*(hProcess=0x460, hThread=0x464, dwProcessId=0x8d0, dwThreadId=0xd10)) returned 1 [0114.358] CoTaskMemFree (pv=0x0) [0114.365] GetThreadContext (in: hThread=0x464, lpContext=0x234ed84 | out: lpContext=0x234ed84*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2c5000, Edx=0x0, Ecx=0x0, Eax=0x4a4d76, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0114.413] ReadProcessMemory (in: hProcess=0x460, lpBaseAddress=0x2c5008, lpBuffer=0x19e9ec, nSize=0x4, lpNumberOfBytesRead=0x19ea30 | out: lpBuffer=0x19e9ec*, lpNumberOfBytesRead=0x19ea30*=0x4) returned 1 [0114.416] NtUnmapViewOfSection (ProcessHandle=0x460, BaseAddress=0x400000) returned 0x0 [0114.418] VirtualAllocEx (hProcess=0x460, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0114.419] WriteProcessMemory (in: hProcess=0x460, lpBaseAddress=0x400000, lpBuffer=0x3335f50*, nSize=0x200, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x3335f50*, lpNumberOfBytesWritten=0x19ea30*=0x200) returned 1 [0114.427] WriteProcessMemory (in: hProcess=0x460, lpBaseAddress=0x402000, lpBuffer=0x34bf1d0*, nSize=0x35c00, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x34bf1d0*, lpNumberOfBytesWritten=0x19ea30*=0x35c00) returned 1 [0114.436] WriteProcessMemory (in: hProcess=0x460, lpBaseAddress=0x438000, lpBuffer=0x234f05c*, nSize=0x600, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x234f05c*, lpNumberOfBytesWritten=0x19ea30*=0x600) returned 1 [0114.441] WriteProcessMemory (in: hProcess=0x460, lpBaseAddress=0x43a000, lpBuffer=0x234f668*, nSize=0x200, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x234f668*, lpNumberOfBytesWritten=0x19ea30*=0x200) returned 1 [0114.486] WriteProcessMemory (in: hProcess=0x460, lpBaseAddress=0x2c5008, lpBuffer=0x234f874*, nSize=0x4, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x234f874*, lpNumberOfBytesWritten=0x19ea30*=0x4) returned 1 [0114.546] SetThreadContext (hThread=0x464, lpContext=0x234ed84*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2c5000, Edx=0x0, Ecx=0x0, Eax=0x437a9e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0114.547] ResumeThread (hThread=0x464) returned 0x1 [0114.638] CoGetContextToken (in: pToken=0x19edf8 | out: pToken=0x19edf8) returned 0x0 [0114.638] CObjectContext::QueryInterface () returned 0x0 [0114.638] CObjectContext::GetCurrentThreadType () returned 0x0 [0114.638] Release () returned 0x3 [0114.638] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x5183e8*=0x14c, lpdwindex=0x19ec9c | out: lpdwindex=0x19ec9c) returned 0x0 Thread: id = 2 os_tid = 0xe8 Thread: id = 3 os_tid = 0x990 Thread: id = 4 os_tid = 0x890 [0063.524] CoGetContextToken (in: pToken=0x435fc3c | out: pToken=0x435fc3c) returned 0x800401f0 [0063.524] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0063.524] RoInitialize () returned 0x1 [0063.524] RoUninitialize () returned 0x0 [0114.699] SetWindowLongW (hWnd=0x3036e, nIndex=-4, dwNewLong=1945176032) returned 76809702 [0114.701] SetClassLongW (hWnd=0x3036e, nIndex=-24, dwNewLong=1945176032) returned 0x49405be [0114.701] PostMessageW (hWnd=0x3036e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0114.702] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0114.702] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0 [0114.706] IsWindow (hWnd=0x5029a) returned 1 [0114.709] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0114.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x435f9dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWújïØÄO «_mXü5\x04HyS", lpUsedDefaultChar=0x0) returned 14 [0114.709] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x73f107e0 [0114.710] SetWindowLongW (hWnd=0x5029a, nIndex=-4, dwNewLong=1945176032) returned 76809782 [0114.710] SetClassLongW (hWnd=0x5029a, nIndex=-24, dwNewLong=1945176032) returned 0x4940636 [0114.710] IsWindow (hWnd=0x5029a) returned 1 [0114.710] DestroyWindow (hWnd=0x5029a) returned 0 [0114.710] PostMessageW (hWnd=0x5029a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0114.711] SetConsoleCtrlHandler (HandlerRoutine=0x494060e, Add=0) returned 1 [0114.711] EtwEventUnregister (RegHandle=0x548cb0) returned 0x0 [0114.731] GdipDisposeImage (image=0x5bdf268) returned 0x0 [0114.736] GdipDeleteFont (font=0x4acefc0) returned 0x0 [0114.737] GetCurrentObject (hdc=0x1b0109b5, type=0x6) returned 0x320a097d [0114.737] SelectObject (hdc=0x1b0109b5, h=0x18a0048) returned 0x320a097d [0114.738] DeleteObject (ho=0x320a097d) returned 1 [0114.738] DeleteDC (hdc=0x1b0109b5) returned 1 [0114.739] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0 [0114.740] CloseHandle (hObject=0x264) returned 1 [0114.747] CloseHandle (hObject=0x4d8) returned 1 [0114.748] CloseHandle (hObject=0x3b4) returned 1 [0114.748] CloseHandle (hObject=0x3b0) returned 1 [0114.749] CloseHandle (hObject=0x2d8) returned 1 [0114.749] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0xdb8 Thread: id = 6 os_tid = 0xb34 Thread: id = 7 os_tid = 0x36c Thread: id = 8 os_tid = 0x4e8 [0105.574] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0105.574] RoInitialize () returned 0x1 [0105.574] RoUninitialize () returned 0x0 [0105.598] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x7d0f1c4 | out: lpLuid=0x7d0f1c4*(LowPart=0x14, HighPart=0)) returned 1 [0105.602] GetCurrentProcess () returned 0xffffffff [0105.602] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x7d0f1c0 | out: TokenHandle=0x7d0f1c0*=0x2fc) returned 1 [0105.603] AdjustTokenPrivileges (in: TokenHandle=0x2fc, DisableAllPrivileges=0, NewState=0x2297b10*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0105.603] CloseHandle (hObject=0x2fc) returned 1 [0105.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x7d0f8a4 | out: SystemInformation=0x336c570, ResultLength=0x7d0f8a4*=0x177a0) returned 0x0 [0108.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x7d0f8a4 | out: SystemInformation=0x336c570, ResultLength=0x7d0f8a4*=0x177a0) returned 0x0 [0110.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x7d0f8a4 | out: SystemInformation=0x336c570, ResultLength=0x7d0f8a4*=0x176a0) returned 0x0 [0112.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x7d0f8a4 | out: SystemInformation=0x336c570, ResultLength=0x7d0f8a4*=0x176e0) returned 0x0 [0114.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x7d0f8a4 | out: SystemInformation=0x336c570, ResultLength=0x7d0f8a4*=0x17d88) returned 0x0 Thread: id = 9 os_tid = 0x354 Thread: id = 10 os_tid = 0x27c Thread: id = 11 os_tid = 0x1e0 Thread: id = 15 os_tid = 0x960 [0114.630] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0114.630] RoInitialize () returned 0x1 [0114.630] RoUninitialize () returned 0x0 [0114.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x336c570, Length=0x20000, ResultLength=0x88af824 | out: SystemInformation=0x336c570, ResultLength=0x88af824*=0x17d88) returned 0x0 Thread: id = 16 os_tid = 0xeac Process: id = "2" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x25c5f000" os_pid = "0x7e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb04" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 513 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 514 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 515 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 516 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 517 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 518 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 519 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 520 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 521 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 522 start_va = 0xa30000 end_va = 0xa61fff monitored = 1 entry_point = 0xa505b0 region_type = mapped_file name = "schtasks.exe" filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe") Region: id = 523 start_va = 0xa70000 end_va = 0x4a6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 524 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 525 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 526 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 527 start_va = 0x7fff0000 end_va = 0x7dfc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 528 start_va = 0x7dfc5f810000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfc5f810000" filename = "" Region: id = 529 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 530 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 550 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 551 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 552 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 553 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 554 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 555 start_va = 0x560000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 556 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 557 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 559 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 560 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 783 start_va = 0x110000 end_va = 0x1cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 784 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 785 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 786 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 787 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 788 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 789 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 790 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 791 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 792 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 793 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 794 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 795 start_va = 0x700000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 798 start_va = 0x700000 end_va = 0x7e9fff monitored = 0 entry_point = 0x73d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 799 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 800 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 801 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 802 start_va = 0x4a70000 end_va = 0x4e6afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a70000" filename = "" Region: id = 803 start_va = 0x4e70000 end_va = 0x51a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 804 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 805 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 806 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 807 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 808 start_va = 0x6ab90000 end_va = 0x6ac1bfff monitored = 0 entry_point = 0x6abca6c0 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll") Region: id = 809 start_va = 0x700000 end_va = 0x7dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 12 os_tid = 0xfac [0124.215] GetModuleHandleA (lpModuleName=0x0) returned 0xa30000 [0124.215] __set_app_type (_Type=0x1) [0124.215] __p__fmode () returned 0x74344d6c [0124.215] __p__commode () returned 0x74345b1c [0124.216] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa50840) returned 0x0 [0124.216] __wgetmainargs (in: _Argc=0xa5ade0, _Argv=0xa5ade4, _Env=0xa5ade8, _DoWildCard=0, _StartInfo=0xa5adf4 | out: _Argc=0xa5ade0, _Argv=0xa5ade4, _Env=0xa5ade8) returned 0 [0124.216] _onexit (_Func=0xa52bc0) returned 0xa52bc0 [0124.216] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0124.216] WinSqmIsOptedIn () returned 0x0 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x6073b0 [0124.217] RtlRestoreLastWin32Error () returned 0x0 [0124.217] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0124.217] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0124.217] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0124.217] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607320 [0124.217] lstrlenW (lpString="") returned 0 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x2) returned 0x600598 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606e50 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607350 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606c18 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606c38 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606c58 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606848 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x6073c8 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606868 [0124.217] GetProcessHeap () returned 0x600000 [0124.217] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606888 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6065e0 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606600 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x6073f8 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x606620 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x602788 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6027a8 [0124.218] GetProcessHeap () returned 0x600000 [0124.218] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6027c8 [0124.218] SetThreadUILanguage (LangId=0x0) returned 0x409 [0124.257] RtlRestoreLastWin32Error () returned 0x0 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609610 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609490 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609350 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609450 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609370 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607410 [0124.257] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.257] GetProcessHeap () returned 0x600000 [0124.257] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x208) returned 0x608ce8 [0124.257] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x608ce8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0124.257] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c [0124.259] GetProcessHeap () returned 0x600000 [0124.259] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x776) returned 0x609dc0 [0124.259] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x609dc0 | out: lpData=0x609dc0) returned 1 [0124.259] VerQueryValueW (in: pBlock=0x609dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x60a170, puLen=0xdfb10) returned 1 [0124.261] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.261] _vsnwprintf (in: _Buffer=0x608ce8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0124.262] VerQueryValueW (in: pBlock=0x609dc0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x609fa0, puLen=0xdfb18) returned 1 [0124.262] lstrlenW (lpString="schtasks.exe") returned 12 [0124.262] lstrlenW (lpString="schtasks.exe") returned 12 [0124.262] lstrlenW (lpString=".EXE") returned 4 [0124.262] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0124.262] lstrlenW (lpString="schtasks.exe") returned 12 [0124.262] lstrlenW (lpString=".EXE") returned 4 [0124.262] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.262] lstrlenW (lpString="schtasks") returned 8 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609670 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6095b0 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6095d0 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609530 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607440 [0124.263] _memicmp (_Buf1=0x607440, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa0) returned 0x6069e8 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609430 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6096b0 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609470 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607458 [0124.263] _memicmp (_Buf1=0x607458, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x200) returned 0x60a7a0 [0124.263] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x60a7a0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0124.263] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x30) returned 0x606a90 [0124.263] _vsnwprintf (in: _Buffer=0x6069e8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0124.263] GetProcessHeap () returned 0x600000 [0124.263] GetProcessHeap () returned 0x600000 [0124.264] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609dc0) returned 1 [0124.264] GetProcessHeap () returned 0x600000 [0124.264] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609dc0) returned 0x776 [0124.264] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609dc0) returned 1 [0124.264] RtlRestoreLastWin32Error () returned 0x0 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="?") returned 1 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="create") returned 6 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="delete") returned 6 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="query") returned 5 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="change") returned 6 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="run") returned 3 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="end") returned 3 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] lstrlenW (lpString="showsid") returned 7 [0124.264] GetThreadLocale () returned 0x409 [0124.264] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.264] RtlRestoreLastWin32Error () returned 0x0 [0124.264] RtlRestoreLastWin32Error () returned 0x0 [0124.264] lstrlenW (lpString="/Create") returned 7 [0124.264] lstrlenW (lpString="-/") returned 2 [0124.264] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.265] lstrlenW (lpString="?") returned 1 [0124.265] lstrlenW (lpString="?") returned 1 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607470 [0124.265] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa) returned 0x6074d0 [0124.265] lstrlenW (lpString="Create") returned 6 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607338 [0124.265] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6094f0 [0124.265] _vsnwprintf (in: _Buffer=0x6074d0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0124.265] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8 [0124.265] lstrlenW (lpString="|?|") returned 3 [0124.265] lstrlenW (lpString="|Create|") returned 8 [0124.265] RtlRestoreLastWin32Error () returned 0x490 [0124.265] lstrlenW (lpString="create") returned 6 [0124.265] lstrlenW (lpString="create") returned 6 [0124.265] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6074d0) returned 1 [0124.265] GetProcessHeap () returned 0x600000 [0124.265] RtlReAllocateHeap (Heap=0x600000, Flags=0xc, Ptr=0x6074d0, Size=0x14) returned 0x6096d0 [0124.265] lstrlenW (lpString="Create") returned 6 [0124.265] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.265] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0124.265] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8 [0124.265] lstrlenW (lpString="|create|") returned 8 [0124.265] lstrlenW (lpString="|Create|") returned 8 [0124.265] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0124.265] RtlRestoreLastWin32Error () returned 0x0 [0124.265] RtlRestoreLastWin32Error () returned 0x0 [0124.265] RtlRestoreLastWin32Error () returned 0x0 [0124.265] lstrlenW (lpString="/TN") returned 3 [0124.265] lstrlenW (lpString="-/") returned 2 [0124.265] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.265] lstrlenW (lpString="?") returned 1 [0124.266] lstrlenW (lpString="?") returned 1 [0124.266] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] lstrlenW (lpString="TN") returned 2 [0124.266] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0124.266] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.266] lstrlenW (lpString="|?|") returned 3 [0124.266] lstrlenW (lpString="|TN|") returned 4 [0124.266] RtlRestoreLastWin32Error () returned 0x490 [0124.266] lstrlenW (lpString="create") returned 6 [0124.266] lstrlenW (lpString="create") returned 6 [0124.266] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] lstrlenW (lpString="TN") returned 2 [0124.266] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0124.266] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.266] lstrlenW (lpString="|create|") returned 8 [0124.266] lstrlenW (lpString="|TN|") returned 4 [0124.266] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0124.266] RtlRestoreLastWin32Error () returned 0x490 [0124.266] lstrlenW (lpString="delete") returned 6 [0124.266] lstrlenW (lpString="delete") returned 6 [0124.266] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] lstrlenW (lpString="TN") returned 2 [0124.266] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8 [0124.266] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.266] lstrlenW (lpString="|delete|") returned 8 [0124.266] lstrlenW (lpString="|TN|") returned 4 [0124.266] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0124.266] RtlRestoreLastWin32Error () returned 0x490 [0124.266] lstrlenW (lpString="query") returned 5 [0124.266] lstrlenW (lpString="query") returned 5 [0124.266] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.266] lstrlenW (lpString="TN") returned 2 [0124.266] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7 [0124.267] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.267] lstrlenW (lpString="|query|") returned 7 [0124.267] lstrlenW (lpString="|TN|") returned 4 [0124.267] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0124.267] RtlRestoreLastWin32Error () returned 0x490 [0124.267] lstrlenW (lpString="change") returned 6 [0124.267] lstrlenW (lpString="change") returned 6 [0124.267] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] lstrlenW (lpString="TN") returned 2 [0124.267] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8 [0124.267] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.267] lstrlenW (lpString="|change|") returned 8 [0124.267] lstrlenW (lpString="|TN|") returned 4 [0124.267] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0124.267] RtlRestoreLastWin32Error () returned 0x490 [0124.267] lstrlenW (lpString="run") returned 3 [0124.267] lstrlenW (lpString="run") returned 3 [0124.267] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] lstrlenW (lpString="TN") returned 2 [0124.267] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5 [0124.267] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.267] lstrlenW (lpString="|run|") returned 5 [0124.267] lstrlenW (lpString="|TN|") returned 4 [0124.267] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0124.267] RtlRestoreLastWin32Error () returned 0x490 [0124.267] lstrlenW (lpString="end") returned 3 [0124.267] lstrlenW (lpString="end") returned 3 [0124.267] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] lstrlenW (lpString="TN") returned 2 [0124.267] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.267] _vsnwprintf (in: _Buffer=0x6096d0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5 [0124.267] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.267] lstrlenW (lpString="|end|") returned 5 [0124.267] lstrlenW (lpString="|TN|") returned 4 [0124.267] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0124.268] RtlRestoreLastWin32Error () returned 0x490 [0124.268] lstrlenW (lpString="showsid") returned 7 [0124.268] lstrlenW (lpString="showsid") returned 7 [0124.268] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.268] GetProcessHeap () returned 0x600000 [0124.268] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6096d0) returned 1 [0124.268] GetProcessHeap () returned 0x600000 [0124.268] RtlReAllocateHeap (Heap=0x600000, Flags=0xc, Ptr=0x6096d0, Size=0x16) returned 0x609330 [0124.268] lstrlenW (lpString="TN") returned 2 [0124.268] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.268] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9 [0124.268] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0124.268] lstrlenW (lpString="|showsid|") returned 9 [0124.268] lstrlenW (lpString="|TN|") returned 4 [0124.268] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0124.268] RtlRestoreLastWin32Error () returned 0x490 [0124.268] RtlRestoreLastWin32Error () returned 0x490 [0124.268] RtlRestoreLastWin32Error () returned 0x0 [0124.268] lstrlenW (lpString="/TN") returned 3 [0124.268] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0124.268] RtlRestoreLastWin32Error () returned 0x490 [0124.268] RtlRestoreLastWin32Error () returned 0x0 [0124.268] lstrlenW (lpString="/TN") returned 3 [0124.268] GetProcessHeap () returned 0x600000 [0124.268] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x8) returned 0x606c78 [0124.268] GetProcessHeap () returned 0x600000 [0124.268] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609550 [0124.268] RtlRestoreLastWin32Error () returned 0x0 [0124.268] RtlRestoreLastWin32Error () returned 0x0 [0124.268] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.268] lstrlenW (lpString="-/") returned 2 [0124.269] StrChrIW (lpStart="-/", wMatch=0x820055) returned 0x0 [0124.269] RtlRestoreLastWin32Error () returned 0x490 [0124.269] RtlRestoreLastWin32Error () returned 0x490 [0124.269] RtlRestoreLastWin32Error () returned 0x0 [0124.269] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.269] StrChrIW (lpStart="Updates\\xlpVvRzhctudF", wMatch=0x3a) returned 0x0 [0124.269] RtlRestoreLastWin32Error () returned 0x490 [0124.269] RtlRestoreLastWin32Error () returned 0x0 [0124.269] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.269] GetProcessHeap () returned 0x600000 [0124.269] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x2c) returned 0x6070d8 [0124.269] GetProcessHeap () returned 0x600000 [0124.269] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6096f0 [0124.269] RtlRestoreLastWin32Error () returned 0x0 [0124.269] RtlRestoreLastWin32Error () returned 0x0 [0124.269] lstrlenW (lpString="/XML") returned 4 [0124.269] lstrlenW (lpString="-/") returned 2 [0124.269] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.269] lstrlenW (lpString="?") returned 1 [0124.269] lstrlenW (lpString="?") returned 1 [0124.269] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.269] lstrlenW (lpString="XML") returned 3 [0124.269] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.269] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0124.269] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.269] lstrlenW (lpString="|?|") returned 3 [0124.269] lstrlenW (lpString="|XML|") returned 5 [0124.269] RtlRestoreLastWin32Error () returned 0x490 [0124.269] lstrlenW (lpString="create") returned 6 [0124.269] lstrlenW (lpString="create") returned 6 [0124.269] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.269] lstrlenW (lpString="XML") returned 3 [0124.269] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.269] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0124.269] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.269] lstrlenW (lpString="|create|") returned 8 [0124.269] lstrlenW (lpString="|XML|") returned 5 [0124.269] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0124.269] RtlRestoreLastWin32Error () returned 0x490 [0124.269] lstrlenW (lpString="delete") returned 6 [0124.269] lstrlenW (lpString="delete") returned 6 [0124.269] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] lstrlenW (lpString="XML") returned 3 [0124.270] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8 [0124.270] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.270] lstrlenW (lpString="|delete|") returned 8 [0124.270] lstrlenW (lpString="|XML|") returned 5 [0124.270] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0124.270] RtlRestoreLastWin32Error () returned 0x490 [0124.270] lstrlenW (lpString="query") returned 5 [0124.270] lstrlenW (lpString="query") returned 5 [0124.270] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] lstrlenW (lpString="XML") returned 3 [0124.270] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7 [0124.270] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.270] lstrlenW (lpString="|query|") returned 7 [0124.270] lstrlenW (lpString="|XML|") returned 5 [0124.270] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0124.270] RtlRestoreLastWin32Error () returned 0x490 [0124.270] lstrlenW (lpString="change") returned 6 [0124.270] lstrlenW (lpString="change") returned 6 [0124.270] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] lstrlenW (lpString="XML") returned 3 [0124.270] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8 [0124.270] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.270] lstrlenW (lpString="|change|") returned 8 [0124.270] lstrlenW (lpString="|XML|") returned 5 [0124.270] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0124.270] RtlRestoreLastWin32Error () returned 0x490 [0124.270] lstrlenW (lpString="run") returned 3 [0124.270] lstrlenW (lpString="run") returned 3 [0124.270] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] lstrlenW (lpString="XML") returned 3 [0124.270] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.270] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5 [0124.270] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.271] lstrlenW (lpString="|run|") returned 5 [0124.271] lstrlenW (lpString="|XML|") returned 5 [0124.271] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0124.271] RtlRestoreLastWin32Error () returned 0x490 [0124.271] lstrlenW (lpString="end") returned 3 [0124.271] lstrlenW (lpString="end") returned 3 [0124.271] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.271] lstrlenW (lpString="XML") returned 3 [0124.271] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.271] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5 [0124.271] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.271] lstrlenW (lpString="|end|") returned 5 [0124.271] lstrlenW (lpString="|XML|") returned 5 [0124.271] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0124.271] RtlRestoreLastWin32Error () returned 0x490 [0124.271] lstrlenW (lpString="showsid") returned 7 [0124.271] lstrlenW (lpString="showsid") returned 7 [0124.271] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.271] lstrlenW (lpString="XML") returned 3 [0124.271] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.271] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9 [0124.271] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0124.271] lstrlenW (lpString="|showsid|") returned 9 [0124.271] lstrlenW (lpString="|XML|") returned 5 [0124.271] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0124.271] RtlRestoreLastWin32Error () returned 0x490 [0124.271] RtlRestoreLastWin32Error () returned 0x490 [0124.271] RtlRestoreLastWin32Error () returned 0x0 [0124.271] lstrlenW (lpString="/XML") returned 4 [0124.271] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0124.271] RtlRestoreLastWin32Error () returned 0x490 [0124.271] RtlRestoreLastWin32Error () returned 0x0 [0124.271] lstrlenW (lpString="/XML") returned 4 [0124.271] GetProcessHeap () returned 0x600000 [0124.271] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xa) returned 0x6074d0 [0124.271] GetProcessHeap () returned 0x600000 [0124.271] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609590 [0124.271] RtlRestoreLastWin32Error () returned 0x0 [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.272] lstrlenW (lpString="-/") returned 2 [0124.272] StrChrIW (lpStart="-/", wMatch=0x820043) returned 0x0 [0124.272] RtlRestoreLastWin32Error () returned 0x490 [0124.272] RtlRestoreLastWin32Error () returned 0x490 [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.272] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" [0124.272] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x607368 [0124.272] _memicmp (_Buf1=0x607368, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xc) returned 0x607380 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x60ad08 [0124.272] _memicmp (_Buf1=0x60ad08, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x6e) returned 0x60adb0 [0124.272] RtlRestoreLastWin32Error () returned 0x7a [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] lstrlenW (lpString="C") returned 1 [0124.272] RtlRestoreLastWin32Error () returned 0x490 [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x6a) returned 0x60ae28 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6093b0 [0124.272] RtlRestoreLastWin32Error () returned 0x0 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] GetProcessHeap () returned 0x600000 [0124.272] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606c78) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606c78) returned 0x8 [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606c78) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609550) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609550) returned 0x14 [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609550) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6070d8) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6070d8) returned 0x2c [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6070d8) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6096f0) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6096f0) returned 0x14 [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6096f0) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6074d0) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6074d0) returned 0xa [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6074d0) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609590) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609590) returned 0x14 [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609590) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ae28) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ae28) returned 0x6a [0124.273] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ae28) returned 1 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] GetProcessHeap () returned 0x600000 [0124.273] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6093b0) returned 1 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6093b0) returned 0x14 [0124.274] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6093b0) returned 1 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6073b0) returned 1 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6073b0) returned 0x10 [0124.274] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6073b0) returned 1 [0124.274] RtlRestoreLastWin32Error () returned 0x0 [0124.274] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0124.274] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0124.274] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0124.274] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0124.274] RtlRestoreLastWin32Error () returned 0x0 [0124.274] lstrlenW (lpString="create") returned 6 [0124.274] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0124.274] RtlRestoreLastWin32Error () returned 0x490 [0124.274] RtlRestoreLastWin32Error () returned 0x0 [0124.274] lstrlenW (lpString="create") returned 6 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x609570 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x60ad20 [0124.274] _memicmp (_Buf1=0x60ad20, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.274] GetProcessHeap () returned 0x600000 [0124.274] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x16) returned 0x609630 [0124.274] RtlRestoreLastWin32Error () returned 0x0 [0124.274] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.274] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x608ce8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0124.275] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c [0124.275] GetProcessHeap () returned 0x600000 [0124.275] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x776) returned 0x609dc0 [0124.275] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x609dc0 | out: lpData=0x609dc0) returned 1 [0124.275] VerQueryValueW (in: pBlock=0x609dc0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x60a170, puLen=0xdcf78) returned 1 [0124.275] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.275] _vsnwprintf (in: _Buffer=0x608ce8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0124.275] VerQueryValueW (in: pBlock=0x609dc0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x609fa0, puLen=0xdcf80) returned 1 [0124.275] lstrlenW (lpString="schtasks.exe") returned 12 [0124.275] lstrlenW (lpString="schtasks.exe") returned 12 [0124.275] lstrlenW (lpString=".EXE") returned 4 [0124.275] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0124.275] lstrlenW (lpString="schtasks.exe") returned 12 [0124.275] lstrlenW (lpString=".EXE") returned 4 [0124.275] lstrlenW (lpString="schtasks") returned 8 [0124.275] lstrlenW (lpString="/create") returned 7 [0124.275] _memicmp (_Buf1=0x607410, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.275] _vsnwprintf (in: _Buffer=0x608ce8, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16 [0124.275] _memicmp (_Buf1=0x607440, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.275] GetProcessHeap () returned 0x600000 [0124.275] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x6096d0 [0124.275] _memicmp (_Buf1=0x607458, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.275] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x60a7a0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0124.275] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0124.275] GetProcessHeap () returned 0x600000 [0124.275] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x30) returned 0x6070d8 [0124.275] _vsnwprintf (in: _Buffer=0x6069e8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0124.275] GetProcessHeap () returned 0x600000 [0124.276] GetProcessHeap () returned 0x600000 [0124.276] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609dc0) returned 1 [0124.276] GetProcessHeap () returned 0x600000 [0124.276] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609dc0) returned 0x776 [0124.276] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609dc0) returned 1 [0124.276] RtlRestoreLastWin32Error () returned 0x0 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="create") returned 6 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="?") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="s") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="u") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="p") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="ru") returned 2 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="rp") returned 2 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="sc") returned 2 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="mo") returned 2 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="d") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.276] lstrlenW (lpString="m") returned 1 [0124.276] GetThreadLocale () returned 0x409 [0124.276] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="i") returned 1 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="tn") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="tr") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="st") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="sd") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="ed") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="it") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="et") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="k") returned 1 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="du") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="ri") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="z") returned 1 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="f") returned 1 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="v1") returned 2 [0124.277] GetThreadLocale () returned 0x409 [0124.277] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.277] lstrlenW (lpString="xml") returned 3 [0124.278] GetThreadLocale () returned 0x409 [0124.278] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.278] lstrlenW (lpString="ec") returned 2 [0124.278] GetThreadLocale () returned 0x409 [0124.278] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.278] lstrlenW (lpString="rl") returned 2 [0124.278] GetThreadLocale () returned 0x409 [0124.278] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.278] lstrlenW (lpString="delay") returned 5 [0124.278] GetThreadLocale () returned 0x409 [0124.278] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.278] lstrlenW (lpString="np") returned 2 [0124.278] GetThreadLocale () returned 0x409 [0124.278] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0124.278] lstrlenW (lpString="hresult") returned 7 [0124.278] RtlRestoreLastWin32Error () returned 0x0 [0124.278] RtlRestoreLastWin32Error () returned 0x0 [0124.278] lstrlenW (lpString="/Create") returned 7 [0124.278] lstrlenW (lpString="-/") returned 2 [0124.278] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.278] lstrlenW (lpString="create") returned 6 [0124.278] lstrlenW (lpString="create") returned 6 [0124.278] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.278] lstrlenW (lpString="Create") returned 6 [0124.278] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.278] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0124.278] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8 [0124.278] lstrlenW (lpString="|create|") returned 8 [0124.278] lstrlenW (lpString="|Create|") returned 8 [0124.278] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0124.278] RtlRestoreLastWin32Error () returned 0x0 [0124.278] RtlRestoreLastWin32Error () returned 0x0 [0124.278] RtlRestoreLastWin32Error () returned 0x0 [0124.278] lstrlenW (lpString="/TN") returned 3 [0124.278] lstrlenW (lpString="-/") returned 2 [0124.278] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.278] lstrlenW (lpString="create") returned 6 [0124.278] lstrlenW (lpString="create") returned 6 [0124.278] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.278] lstrlenW (lpString="TN") returned 2 [0124.279] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0124.279] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.279] lstrlenW (lpString="|create|") returned 8 [0124.279] lstrlenW (lpString="|TN|") returned 4 [0124.279] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0124.279] RtlRestoreLastWin32Error () returned 0x490 [0124.279] lstrlenW (lpString="?") returned 1 [0124.279] lstrlenW (lpString="?") returned 1 [0124.279] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] lstrlenW (lpString="TN") returned 2 [0124.279] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3 [0124.279] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.279] lstrlenW (lpString="|?|") returned 3 [0124.279] lstrlenW (lpString="|TN|") returned 4 [0124.279] RtlRestoreLastWin32Error () returned 0x490 [0124.279] lstrlenW (lpString="s") returned 1 [0124.279] lstrlenW (lpString="s") returned 1 [0124.279] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] lstrlenW (lpString="TN") returned 2 [0124.279] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3 [0124.279] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.279] lstrlenW (lpString="|s|") returned 3 [0124.279] lstrlenW (lpString="|TN|") returned 4 [0124.279] RtlRestoreLastWin32Error () returned 0x490 [0124.279] lstrlenW (lpString="u") returned 1 [0124.279] lstrlenW (lpString="u") returned 1 [0124.279] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] lstrlenW (lpString="TN") returned 2 [0124.279] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.279] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3 [0124.280] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.280] lstrlenW (lpString="|u|") returned 3 [0124.280] lstrlenW (lpString="|TN|") returned 4 [0124.280] RtlRestoreLastWin32Error () returned 0x490 [0124.280] lstrlenW (lpString="p") returned 1 [0124.280] lstrlenW (lpString="p") returned 1 [0124.280] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] lstrlenW (lpString="TN") returned 2 [0124.280] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3 [0124.280] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.280] lstrlenW (lpString="|p|") returned 3 [0124.280] lstrlenW (lpString="|TN|") returned 4 [0124.280] RtlRestoreLastWin32Error () returned 0x490 [0124.280] lstrlenW (lpString="ru") returned 2 [0124.280] lstrlenW (lpString="ru") returned 2 [0124.280] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] lstrlenW (lpString="TN") returned 2 [0124.280] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4 [0124.280] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.280] lstrlenW (lpString="|ru|") returned 4 [0124.280] lstrlenW (lpString="|TN|") returned 4 [0124.280] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0 [0124.280] RtlRestoreLastWin32Error () returned 0x490 [0124.280] lstrlenW (lpString="rp") returned 2 [0124.280] lstrlenW (lpString="rp") returned 2 [0124.280] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] lstrlenW (lpString="TN") returned 2 [0124.280] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.280] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4 [0124.280] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.280] lstrlenW (lpString="|rp|") returned 4 [0124.280] lstrlenW (lpString="|TN|") returned 4 [0124.280] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0 [0124.280] RtlRestoreLastWin32Error () returned 0x490 [0124.280] lstrlenW (lpString="sc") returned 2 [0124.281] lstrlenW (lpString="sc") returned 2 [0124.281] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] lstrlenW (lpString="TN") returned 2 [0124.281] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4 [0124.281] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.281] lstrlenW (lpString="|sc|") returned 4 [0124.281] lstrlenW (lpString="|TN|") returned 4 [0124.281] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0 [0124.281] RtlRestoreLastWin32Error () returned 0x490 [0124.281] lstrlenW (lpString="mo") returned 2 [0124.281] lstrlenW (lpString="mo") returned 2 [0124.281] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] lstrlenW (lpString="TN") returned 2 [0124.281] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4 [0124.281] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.281] lstrlenW (lpString="|mo|") returned 4 [0124.281] lstrlenW (lpString="|TN|") returned 4 [0124.281] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0 [0124.281] RtlRestoreLastWin32Error () returned 0x490 [0124.281] lstrlenW (lpString="d") returned 1 [0124.281] lstrlenW (lpString="d") returned 1 [0124.281] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] lstrlenW (lpString="TN") returned 2 [0124.281] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3 [0124.281] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.281] lstrlenW (lpString="|d|") returned 3 [0124.281] lstrlenW (lpString="|TN|") returned 4 [0124.281] RtlRestoreLastWin32Error () returned 0x490 [0124.281] lstrlenW (lpString="m") returned 1 [0124.281] lstrlenW (lpString="m") returned 1 [0124.281] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] lstrlenW (lpString="TN") returned 2 [0124.281] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.281] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3 [0124.281] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.282] lstrlenW (lpString="|m|") returned 3 [0124.282] lstrlenW (lpString="|TN|") returned 4 [0124.282] RtlRestoreLastWin32Error () returned 0x490 [0124.282] lstrlenW (lpString="i") returned 1 [0124.282] lstrlenW (lpString="i") returned 1 [0124.282] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.282] lstrlenW (lpString="TN") returned 2 [0124.282] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.282] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3 [0124.282] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.282] lstrlenW (lpString="|i|") returned 3 [0124.282] lstrlenW (lpString="|TN|") returned 4 [0124.282] RtlRestoreLastWin32Error () returned 0x490 [0124.282] lstrlenW (lpString="tn") returned 2 [0124.282] lstrlenW (lpString="tn") returned 2 [0124.282] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.282] lstrlenW (lpString="TN") returned 2 [0124.282] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.282] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4 [0124.282] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0124.282] lstrlenW (lpString="|tn|") returned 4 [0124.282] lstrlenW (lpString="|TN|") returned 4 [0124.282] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.282] lstrlenW (lpString="-/") returned 2 [0124.282] StrChrIW (lpStart="-/", wMatch=0x820055) returned 0x0 [0124.282] RtlRestoreLastWin32Error () returned 0x490 [0124.282] RtlRestoreLastWin32Error () returned 0x490 [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.282] StrChrIW (lpStart="Updates\\xlpVvRzhctudF", wMatch=0x3a) returned 0x0 [0124.282] RtlRestoreLastWin32Error () returned 0x490 [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] RtlRestoreLastWin32Error () returned 0x0 [0124.282] lstrlenW (lpString="/XML") returned 4 [0124.282] lstrlenW (lpString="-/") returned 2 [0124.282] StrChrIW (lpStart="-/", wMatch=0x82002f) returned="/" [0124.283] lstrlenW (lpString="create") returned 6 [0124.283] lstrlenW (lpString="create") returned 6 [0124.283] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] lstrlenW (lpString="XML") returned 3 [0124.283] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0124.283] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.283] lstrlenW (lpString="|create|") returned 8 [0124.283] lstrlenW (lpString="|XML|") returned 5 [0124.283] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0124.283] RtlRestoreLastWin32Error () returned 0x490 [0124.283] lstrlenW (lpString="?") returned 1 [0124.283] lstrlenW (lpString="?") returned 1 [0124.283] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] lstrlenW (lpString="XML") returned 3 [0124.283] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3 [0124.283] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.283] lstrlenW (lpString="|?|") returned 3 [0124.283] lstrlenW (lpString="|XML|") returned 5 [0124.283] RtlRestoreLastWin32Error () returned 0x490 [0124.283] lstrlenW (lpString="s") returned 1 [0124.283] lstrlenW (lpString="s") returned 1 [0124.283] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] lstrlenW (lpString="XML") returned 3 [0124.283] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3 [0124.283] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.283] lstrlenW (lpString="|s|") returned 3 [0124.283] lstrlenW (lpString="|XML|") returned 5 [0124.283] RtlRestoreLastWin32Error () returned 0x490 [0124.283] lstrlenW (lpString="u") returned 1 [0124.283] lstrlenW (lpString="u") returned 1 [0124.283] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] lstrlenW (lpString="XML") returned 3 [0124.283] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.283] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3 [0124.284] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.284] lstrlenW (lpString="|u|") returned 3 [0124.284] lstrlenW (lpString="|XML|") returned 5 [0124.284] RtlRestoreLastWin32Error () returned 0x490 [0124.284] lstrlenW (lpString="p") returned 1 [0124.284] lstrlenW (lpString="p") returned 1 [0124.284] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] lstrlenW (lpString="XML") returned 3 [0124.284] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3 [0124.284] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.284] lstrlenW (lpString="|p|") returned 3 [0124.284] lstrlenW (lpString="|XML|") returned 5 [0124.284] RtlRestoreLastWin32Error () returned 0x490 [0124.284] lstrlenW (lpString="ru") returned 2 [0124.284] lstrlenW (lpString="ru") returned 2 [0124.284] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] lstrlenW (lpString="XML") returned 3 [0124.284] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4 [0124.284] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.284] lstrlenW (lpString="|ru|") returned 4 [0124.284] lstrlenW (lpString="|XML|") returned 5 [0124.284] RtlRestoreLastWin32Error () returned 0x490 [0124.284] lstrlenW (lpString="rp") returned 2 [0124.284] lstrlenW (lpString="rp") returned 2 [0124.284] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] lstrlenW (lpString="XML") returned 3 [0124.284] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4 [0124.284] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.284] lstrlenW (lpString="|rp|") returned 4 [0124.284] lstrlenW (lpString="|XML|") returned 5 [0124.284] RtlRestoreLastWin32Error () returned 0x490 [0124.284] lstrlenW (lpString="sc") returned 2 [0124.284] lstrlenW (lpString="sc") returned 2 [0124.284] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.284] lstrlenW (lpString="XML") returned 3 [0124.285] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4 [0124.285] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.285] lstrlenW (lpString="|sc|") returned 4 [0124.285] lstrlenW (lpString="|XML|") returned 5 [0124.285] RtlRestoreLastWin32Error () returned 0x490 [0124.285] lstrlenW (lpString="mo") returned 2 [0124.285] lstrlenW (lpString="mo") returned 2 [0124.285] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] lstrlenW (lpString="XML") returned 3 [0124.285] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4 [0124.285] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.285] lstrlenW (lpString="|mo|") returned 4 [0124.285] lstrlenW (lpString="|XML|") returned 5 [0124.285] RtlRestoreLastWin32Error () returned 0x490 [0124.285] lstrlenW (lpString="d") returned 1 [0124.285] lstrlenW (lpString="d") returned 1 [0124.285] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] lstrlenW (lpString="XML") returned 3 [0124.285] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3 [0124.285] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.285] lstrlenW (lpString="|d|") returned 3 [0124.285] lstrlenW (lpString="|XML|") returned 5 [0124.285] RtlRestoreLastWin32Error () returned 0x490 [0124.285] lstrlenW (lpString="m") returned 1 [0124.285] lstrlenW (lpString="m") returned 1 [0124.285] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] lstrlenW (lpString="XML") returned 3 [0124.285] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.285] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3 [0124.285] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.285] lstrlenW (lpString="|m|") returned 3 [0124.285] lstrlenW (lpString="|XML|") returned 5 [0124.285] RtlRestoreLastWin32Error () returned 0x490 [0124.285] lstrlenW (lpString="i") returned 1 [0124.285] lstrlenW (lpString="i") returned 1 [0124.285] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] lstrlenW (lpString="XML") returned 3 [0124.286] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3 [0124.286] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.286] lstrlenW (lpString="|i|") returned 3 [0124.286] lstrlenW (lpString="|XML|") returned 5 [0124.286] RtlRestoreLastWin32Error () returned 0x490 [0124.286] lstrlenW (lpString="tn") returned 2 [0124.286] lstrlenW (lpString="tn") returned 2 [0124.286] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] lstrlenW (lpString="XML") returned 3 [0124.286] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4 [0124.286] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.286] lstrlenW (lpString="|tn|") returned 4 [0124.286] lstrlenW (lpString="|XML|") returned 5 [0124.286] RtlRestoreLastWin32Error () returned 0x490 [0124.286] lstrlenW (lpString="tr") returned 2 [0124.286] lstrlenW (lpString="tr") returned 2 [0124.286] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] lstrlenW (lpString="XML") returned 3 [0124.286] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4 [0124.286] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.286] lstrlenW (lpString="|tr|") returned 4 [0124.286] lstrlenW (lpString="|XML|") returned 5 [0124.286] RtlRestoreLastWin32Error () returned 0x490 [0124.286] lstrlenW (lpString="st") returned 2 [0124.286] lstrlenW (lpString="st") returned 2 [0124.286] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] lstrlenW (lpString="XML") returned 3 [0124.286] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.286] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4 [0124.286] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.286] lstrlenW (lpString="|st|") returned 4 [0124.286] lstrlenW (lpString="|XML|") returned 5 [0124.286] RtlRestoreLastWin32Error () returned 0x490 [0124.286] lstrlenW (lpString="sd") returned 2 [0124.287] lstrlenW (lpString="sd") returned 2 [0124.287] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] lstrlenW (lpString="XML") returned 3 [0124.287] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4 [0124.287] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.287] lstrlenW (lpString="|sd|") returned 4 [0124.287] lstrlenW (lpString="|XML|") returned 5 [0124.287] RtlRestoreLastWin32Error () returned 0x490 [0124.287] lstrlenW (lpString="ed") returned 2 [0124.287] lstrlenW (lpString="ed") returned 2 [0124.287] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] lstrlenW (lpString="XML") returned 3 [0124.287] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4 [0124.287] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.287] lstrlenW (lpString="|ed|") returned 4 [0124.287] lstrlenW (lpString="|XML|") returned 5 [0124.287] RtlRestoreLastWin32Error () returned 0x490 [0124.287] lstrlenW (lpString="it") returned 2 [0124.287] lstrlenW (lpString="it") returned 2 [0124.287] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] lstrlenW (lpString="XML") returned 3 [0124.287] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.287] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4 [0124.287] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.287] lstrlenW (lpString="|it|") returned 4 [0124.287] lstrlenW (lpString="|XML|") returned 5 [0124.287] RtlRestoreLastWin32Error () returned 0x490 [0124.287] lstrlenW (lpString="et") returned 2 [0124.287] lstrlenW (lpString="et") returned 2 [0124.287] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] lstrlenW (lpString="XML") returned 3 [0124.288] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4 [0124.288] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.288] lstrlenW (lpString="|et|") returned 4 [0124.288] lstrlenW (lpString="|XML|") returned 5 [0124.288] RtlRestoreLastWin32Error () returned 0x490 [0124.288] lstrlenW (lpString="k") returned 1 [0124.288] lstrlenW (lpString="k") returned 1 [0124.288] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] lstrlenW (lpString="XML") returned 3 [0124.288] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3 [0124.288] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.288] lstrlenW (lpString="|k|") returned 3 [0124.288] lstrlenW (lpString="|XML|") returned 5 [0124.288] RtlRestoreLastWin32Error () returned 0x490 [0124.288] lstrlenW (lpString="du") returned 2 [0124.288] lstrlenW (lpString="du") returned 2 [0124.288] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] lstrlenW (lpString="XML") returned 3 [0124.288] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4 [0124.288] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.288] lstrlenW (lpString="|du|") returned 4 [0124.288] lstrlenW (lpString="|XML|") returned 5 [0124.288] RtlRestoreLastWin32Error () returned 0x490 [0124.288] lstrlenW (lpString="ri") returned 2 [0124.288] lstrlenW (lpString="ri") returned 2 [0124.288] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] lstrlenW (lpString="XML") returned 3 [0124.288] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.288] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4 [0124.288] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.288] lstrlenW (lpString="|ri|") returned 4 [0124.288] lstrlenW (lpString="|XML|") returned 5 [0124.288] RtlRestoreLastWin32Error () returned 0x490 [0124.288] lstrlenW (lpString="z") returned 1 [0124.289] lstrlenW (lpString="z") returned 1 [0124.289] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] lstrlenW (lpString="XML") returned 3 [0124.289] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3 [0124.289] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.289] lstrlenW (lpString="|z|") returned 3 [0124.289] lstrlenW (lpString="|XML|") returned 5 [0124.289] RtlRestoreLastWin32Error () returned 0x490 [0124.289] lstrlenW (lpString="f") returned 1 [0124.289] lstrlenW (lpString="f") returned 1 [0124.289] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] lstrlenW (lpString="XML") returned 3 [0124.289] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3 [0124.289] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.289] lstrlenW (lpString="|f|") returned 3 [0124.289] lstrlenW (lpString="|XML|") returned 5 [0124.289] RtlRestoreLastWin32Error () returned 0x490 [0124.289] lstrlenW (lpString="v1") returned 2 [0124.289] lstrlenW (lpString="v1") returned 2 [0124.289] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] lstrlenW (lpString="XML") returned 3 [0124.289] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4 [0124.289] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.289] lstrlenW (lpString="|v1|") returned 4 [0124.289] lstrlenW (lpString="|XML|") returned 5 [0124.289] RtlRestoreLastWin32Error () returned 0x490 [0124.289] lstrlenW (lpString="xml") returned 3 [0124.289] lstrlenW (lpString="xml") returned 3 [0124.289] _memicmp (_Buf1=0x607470, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] lstrlenW (lpString="XML") returned 3 [0124.289] _memicmp (_Buf1=0x607338, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.289] _vsnwprintf (in: _Buffer=0x609330, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5 [0124.289] _vsnwprintf (in: _Buffer=0x6094f0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0124.289] lstrlenW (lpString="|xml|") returned 5 [0124.290] lstrlenW (lpString="|XML|") returned 5 [0124.290] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|" [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] lstrlenW (lpString="-/") returned 2 [0124.290] StrChrIW (lpStart="-/", wMatch=0x820043) returned 0x0 [0124.290] RtlRestoreLastWin32Error () returned 0x490 [0124.290] RtlRestoreLastWin32Error () returned 0x490 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] _memicmp (_Buf1=0x607368, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.290] _memicmp (_Buf1=0x60ad08, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.290] RtlRestoreLastWin32Error () returned 0x7a [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] lstrlenW (lpString="C") returned 1 [0124.290] RtlRestoreLastWin32Error () returned 0x490 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] GetProcessHeap () returned 0x600000 [0124.290] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x6a) returned 0x60ae28 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.290] RtlRestoreLastWin32Error () returned 0x0 [0124.290] GetProcessHeap () returned 0x600000 [0124.290] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x1fc) returned 0x609dc0 [0124.291] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0124.296] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0124.310] CoCreateInstance (in: rclsid=0xa326c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xa326d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x823758) returned 0x0 [0124.551] TaskScheduler:ITaskService:Connect (This=0x823758, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0124.557] TaskScheduler:ITaskService:GetFolder (in: This=0x823758, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x823880) returned 0x0 [0124.559] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp43d6.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xffffffff [0124.560] GetLastError () returned 0x2 [0124.560] __iob_func () returned 0x74341208 [0124.560] GetLastError () returned 0x2 [0124.560] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0xdcd80, nSize=0x0, Arguments=0x0 | out: lpBuffer="鋀a퐄\r냖¤\r") returned 0x2c [0124.579] GetLastError () returned 0x2 [0124.579] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x600598) returned 1 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x600598) returned 0x2 [0124.579] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x600598) returned 1 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x5a) returned 0x619328 [0124.579] RtlRestoreLastWin32Error () returned 0x2 [0124.579] LocalFree (hMem=0x6192c0) returned 0x0 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x14) returned 0x611b30 [0124.579] _memicmp (_Buf1=0x607458, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.579] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x60a7a0, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0124.579] lstrlenW (lpString="ERROR:") returned 6 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0xe) returned 0x60ab70 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x10) returned 0x60ab10 [0124.579] _memicmp (_Buf1=0x60ab10, _Buf2=0xa32708, _Size=0x7) returned 0 [0124.579] GetProcessHeap () returned 0x600000 [0124.579] RtlAllocateHeap (HeapHandle=0x600000, Flags=0xc, Size=0x1000) returned 0x61a748 [0124.579] _vsnwprintf (in: _Buffer=0x61a748, _BufferCount=0x7ff, _Format="%s ", _ArgList=0xdcd84 | out: _Buffer="ERROR: ") returned 7 [0124.580] _fileno (_File=0x74341248) returned 2 [0124.580] _errno () returned 0x8205b0 [0124.580] _get_osfhandle (_FileHandle=2) returned 0x40 [0124.580] _errno () returned 0x8205b0 [0124.580] GetFileType (hFile=0x40) returned 0x2 [0124.580] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0124.580] GetFileType (hFile=0x40) returned 0x2 [0124.580] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0xdcd2c | out: lpMode=0xdcd2c) returned 1 [0124.581] __iob_func () returned 0x74341208 [0124.581] __iob_func () returned 0x74341208 [0124.581] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0124.581] lstrlenW (lpString="ERROR: ") returned 7 [0124.581] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x61a748*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xdcd50, lpReserved=0x0 | out: lpBuffer=0x61a748*, lpNumberOfCharsWritten=0xdcd50*=0x7) returned 1 [0124.583] _fileno (_File=0x74341248) returned 2 [0124.583] _errno () returned 0x8205b0 [0124.583] _get_osfhandle (_FileHandle=2) returned 0x40 [0124.583] _errno () returned 0x8205b0 [0124.583] GetFileType (hFile=0x40) returned 0x2 [0124.583] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0124.583] GetFileType (hFile=0x40) returned 0x2 [0124.583] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0xdcd58 | out: lpMode=0xdcd58) returned 1 [0124.584] __iob_func () returned 0x74341208 [0124.584] __iob_func () returned 0x74341208 [0124.584] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0124.584] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0124.584] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x619328*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0xdcd7c, lpReserved=0x0 | out: lpBuffer=0x619328*, lpNumberOfCharsWritten=0xdcd7c*=0x2c) returned 1 [0124.584] TaskScheduler:IUnknown:Release (This=0x823880) returned 0x0 [0124.584] TaskScheduler:IUnknown:Release (This=0x823758) returned 0x0 [0124.584] lstrlenW (lpString="") returned 0 [0124.584] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp") returned 52 [0124.584] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp43D6.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0124.584] GetProcessHeap () returned 0x600000 [0124.584] GetProcessHeap () returned 0x600000 [0124.584] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609dc0) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609dc0) returned 0x1fc [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609dc0) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ae28) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ae28) returned 0x6a [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ae28) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609630) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609630) returned 0x16 [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609630) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ad20) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ad20) returned 0x10 [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ad20) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609570) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609570) returned 0x14 [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609570) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6069e8) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6069e8) returned 0xa0 [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6069e8) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607440) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607440) returned 0x10 [0124.585] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607440) returned 1 [0124.585] GetProcessHeap () returned 0x600000 [0124.585] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609530) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609530) returned 0x14 [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609530) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60adb0) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60adb0) returned 0x6e [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60adb0) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ad08) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ad08) returned 0x10 [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ad08) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6095b0) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6095b0) returned 0x14 [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6095b0) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607380) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607380) returned 0xc [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607380) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607368) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607368) returned 0x10 [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607368) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609670) returned 1 [0124.586] GetProcessHeap () returned 0x600000 [0124.586] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609670) returned 0x14 [0124.586] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609670) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x608ce8) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x608ce8) returned 0x208 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x608ce8) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607410) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607410) returned 0x10 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607410) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609370) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609370) returned 0x14 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609370) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60a7a0) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60a7a0) returned 0x200 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60a7a0) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607458) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607458) returned 0x10 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607458) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609490) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609490) returned 0x14 [0124.587] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609490) returned 1 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] GetProcessHeap () returned 0x600000 [0124.587] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x61a748) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x61a748) returned 0x1000 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x61a748) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ab10) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ab10) returned 0x10 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ab10) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609610) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609610) returned 0x14 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609610) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6094f0) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6094f0) returned 0x14 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6094f0) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607338) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607338) returned 0x10 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607338) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x602788) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x602788) returned 0x14 [0124.588] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x602788) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609330) returned 1 [0124.588] GetProcessHeap () returned 0x600000 [0124.588] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609330) returned 0x16 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609330) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607470) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607470) returned 0x10 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607470) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606620) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606620) returned 0x14 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606620) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x619328) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x619328) returned 0x5a [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x619328) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606e50) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606e50) returned 0x14 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606e50) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606c18) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606c18) returned 0x14 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606c18) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606c38) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606c38) returned 0x14 [0124.589] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606c38) returned 1 [0124.589] GetProcessHeap () returned 0x600000 [0124.589] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606c58) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606c58) returned 0x14 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606c58) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609430) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609430) returned 0x14 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609430) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6096b0) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6096b0) returned 0x14 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6096b0) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606a90) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606a90) returned 0x30 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606a90) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609470) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609470) returned 0x14 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609470) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6070d8) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6070d8) returned 0x30 [0124.590] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6070d8) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6096d0) returned 1 [0124.590] GetProcessHeap () returned 0x600000 [0124.590] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6096d0) returned 0x14 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6096d0) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x60ab70) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x60ab70) returned 0xe [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x60ab70) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x611b30) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x611b30) returned 0x14 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x611b30) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607350) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607350) returned 0x10 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607350) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606848) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606848) returned 0x14 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606848) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606868) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606868) returned 0x14 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606868) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606888) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606888) returned 0x14 [0124.591] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606888) returned 1 [0124.591] GetProcessHeap () returned 0x600000 [0124.591] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6065e0) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6065e0) returned 0x14 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6065e0) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6073c8) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6073c8) returned 0x10 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6073c8) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x606600) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x606600) returned 0x14 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x606600) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6027a8) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6027a8) returned 0x14 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6027a8) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609350) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609350) returned 0x14 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609350) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x609450) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x609450) returned 0x14 [0124.592] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x609450) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6095d0) returned 1 [0124.592] GetProcessHeap () returned 0x600000 [0124.592] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6095d0) returned 0x14 [0124.593] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6095d0) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6073f8) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6073f8) returned 0x10 [0124.593] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6073f8) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x6027c8) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6027c8) returned 0x14 [0124.593] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x6027c8) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] HeapValidate (hHeap=0x600000, dwFlags=0x0, lpMem=0x607320) returned 1 [0124.593] GetProcessHeap () returned 0x600000 [0124.593] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x607320) returned 0x10 [0124.593] RtlFreeHeap (HeapHandle=0x600000, Flags=0x0, BaseAddress=0x607320) returned 1 [0124.593] exit (_Code=1) Thread: id = 23 os_tid = 0xcd0 Process: id = "3" image_name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" page_root = "0x25a19000" os_pid = "0x8d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb04" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 534 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 535 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 536 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 537 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 538 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 539 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 540 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 541 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 542 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 543 start_va = 0x400000 end_va = 0x4b9fff monitored = 1 entry_point = 0x4a4d76 region_type = mapped_file name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe") Region: id = 544 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 545 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 546 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 547 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 548 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 549 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 558 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 571 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 572 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 573 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 574 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 575 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 576 start_va = 0x5d0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 577 start_va = 0x6dcb0000 end_va = 0x6dd08fff monitored = 1 entry_point = 0x6dcc0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 578 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 579 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 580 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 581 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 582 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 583 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 584 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 585 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 586 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 591 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 592 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 593 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 594 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 595 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 596 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 597 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 598 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 599 start_va = 0x9a0000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 600 start_va = 0x6df40000 end_va = 0x6dfb8fff monitored = 1 entry_point = 0x6df4f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 601 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 602 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 603 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 604 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 605 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 606 start_va = 0xb10000 end_va = 0xc97fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 607 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 608 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 609 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 610 start_va = 0xca0000 end_va = 0xe20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 611 start_va = 0xe30000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 612 start_va = 0x5d0000 end_va = 0x684fff monitored = 1 entry_point = 0x674d76 region_type = mapped_file name = "ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe") Region: id = 613 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 614 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 615 start_va = 0x6df30000 end_va = 0x6df37fff monitored = 0 entry_point = 0x6df317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 616 start_va = 0x6d5f0000 end_va = 0x6dca0fff monitored = 1 entry_point = 0x6d605d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 617 start_va = 0x6ddf0000 end_va = 0x6dee4fff monitored = 0 entry_point = 0x6de44160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 618 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 619 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 620 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 621 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 622 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 623 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 624 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 625 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 626 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 627 start_va = 0x5d0000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 628 start_va = 0x5d0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 629 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 630 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 631 start_va = 0x9a0000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 632 start_va = 0xb00000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 633 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 634 start_va = 0x2230000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 635 start_va = 0x6d0000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 636 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 637 start_va = 0x4230000 end_va = 0x432ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004230000" filename = "" Region: id = 638 start_va = 0x4330000 end_va = 0x4666fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 639 start_va = 0x6c3c0000 end_va = 0x6d5e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 651 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 652 start_va = 0x4670000 end_va = 0x4700fff monitored = 0 entry_point = 0x46a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 653 start_va = 0x73e60000 end_va = 0x73ed4fff monitored = 0 entry_point = 0x73e99a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 654 start_va = 0x4670000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 663 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 666 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 667 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 670 start_va = 0x6dd70000 end_va = 0x6ddedfff monitored = 1 entry_point = 0x6dd71140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 671 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 672 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 680 start_va = 0x6ba10000 end_va = 0x6c3bbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 681 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 693 start_va = 0x6b880000 end_va = 0x6ba0cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 695 start_va = 0x6ac20000 end_va = 0x6b878fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 702 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 703 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 704 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 705 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 706 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 707 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 708 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 709 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 710 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 714 start_va = 0x4670000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 715 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 716 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 717 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 723 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 724 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 725 start_va = 0x4670000 end_va = 0x472bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004670000" filename = "" Region: id = 726 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 727 start_va = 0x5f0000 end_va = 0x5f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 728 start_va = 0x73e40000 end_va = 0x73e5cfff monitored = 0 entry_point = 0x73e43b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 729 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 730 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 731 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 733 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 734 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 735 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 736 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 737 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 738 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 739 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 740 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 741 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 749 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 750 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 751 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 752 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 753 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 754 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 755 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 756 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 757 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 758 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 759 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 760 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 761 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 762 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 763 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 767 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 768 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 769 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 770 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 771 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 772 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 773 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 774 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 775 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 778 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 779 start_va = 0x47e0000 end_va = 0x487bfff monitored = 1 entry_point = 0x486e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 780 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 781 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 782 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 796 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 797 start_va = 0x4880000 end_va = 0x497ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 810 start_va = 0x6a470000 end_va = 0x6ab81fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 811 start_va = 0x6a380000 end_va = 0x6a46efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 812 start_va = 0x69c60000 end_va = 0x6a375fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 813 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 814 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 815 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 816 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 817 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 818 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 819 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 820 start_va = 0x71140000 end_va = 0x7115afff monitored = 0 entry_point = 0x71149050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 821 start_va = 0x70e00000 end_va = 0x70e12fff monitored = 0 entry_point = 0x70e09950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 822 start_va = 0x6e500000 end_va = 0x6e52efff monitored = 0 entry_point = 0x6e5195e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 823 start_va = 0xaa0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 824 start_va = 0x4730000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 825 start_va = 0x4790000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 826 start_va = 0x4980000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004980000" filename = "" Region: id = 827 start_va = 0x4a80000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 828 start_va = 0x4b80000 end_va = 0x4c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 829 start_va = 0x770000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 830 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 831 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 832 start_va = 0x69c10000 end_va = 0x69c51fff monitored = 1 entry_point = 0x69c1f380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 833 start_va = 0x69ba0000 end_va = 0x69c06fff monitored = 0 entry_point = 0x69bbb610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 834 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 835 start_va = 0x6dd40000 end_va = 0x6dd4cfff monitored = 0 entry_point = 0x6dd43520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 836 start_va = 0x6dd20000 end_va = 0x6dd3bfff monitored = 0 entry_point = 0x6dd2aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1197 start_va = 0x69b80000 end_va = 0x69b90fff monitored = 0 entry_point = 0x69b88fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1198 start_va = 0x69ac0000 end_va = 0x69b7efff monitored = 0 entry_point = 0x69af1e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1199 start_va = 0x790000 end_va = 0x793fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1200 start_va = 0x69a30000 end_va = 0x69ab0fff monitored = 0 entry_point = 0x69a4b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1201 start_va = 0xae0000 end_va = 0xaeefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 1202 start_va = 0xaf0000 end_va = 0xaf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 1203 start_va = 0x4770000 end_va = 0x4770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004770000" filename = "" Region: id = 1204 start_va = 0x4c80000 end_va = 0x4d5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1205 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1206 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1207 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1208 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1209 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1210 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1211 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1212 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1213 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1214 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1215 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1216 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1217 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1218 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1219 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1220 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1221 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1222 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1223 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1224 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1225 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1226 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1227 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1320 start_va = 0x69a10000 end_va = 0x69a27fff monitored = 1 entry_point = 0x69a15480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1322 start_va = 0x4d60000 end_va = 0x4d77fff monitored = 1 entry_point = 0x4d65480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1323 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 1324 start_va = 0x69a10000 end_va = 0x69a27fff monitored = 1 entry_point = 0x69a15480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1325 start_va = 0x4d90000 end_va = 0x4da7fff monitored = 1 entry_point = 0x4d95480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 1326 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 1327 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1328 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1329 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 1330 start_va = 0x4da0000 end_va = 0x4da4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 1331 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1332 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1333 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1334 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1335 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1336 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1337 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1338 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1339 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1340 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1341 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1342 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1343 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1344 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1345 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1346 start_va = 0x698f0000 end_va = 0x69a0bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll") Region: id = 1347 start_va = 0x4db0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1348 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1349 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 1350 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1351 start_va = 0x4ef0000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1352 start_va = 0x4f30000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 1353 start_va = 0x6dd10000 end_va = 0x6dd19fff monitored = 1 entry_point = 0x6dd139f9 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 1354 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1355 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1356 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1358 start_va = 0x5030000 end_va = 0x5034fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1386 start_va = 0x5030000 end_va = 0x5032fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1387 start_va = 0x5030000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1388 start_va = 0x5070000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1389 start_va = 0x5030000 end_va = 0x5042fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1402 start_va = 0x5030000 end_va = 0x5032fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1403 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1404 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1405 start_va = 0x5030000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 1406 start_va = 0x5070000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1407 start_va = 0x50b0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1408 start_va = 0x50f0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1409 start_va = 0x51f0000 end_va = 0x522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1410 start_va = 0x5230000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1619 start_va = 0x68580000 end_va = 0x685a7fff monitored = 0 entry_point = 0x68587820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1620 start_va = 0x67fb0000 end_va = 0x68020fff monitored = 0 entry_point = 0x680069e0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll") Region: id = 1621 start_va = 0x702f0000 end_va = 0x703b7fff monitored = 0 entry_point = 0x7035ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1622 start_va = 0x67f60000 end_va = 0x67fa8fff monitored = 0 entry_point = 0x67f66450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1623 start_va = 0x51f0000 end_va = 0x52effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1624 start_va = 0x52f0000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1625 start_va = 0x52f0000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1626 start_va = 0x50b0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 1627 start_va = 0x50f0000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1628 start_va = 0x52f0000 end_va = 0x532ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1629 start_va = 0x5330000 end_va = 0x542ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 1630 start_va = 0x5130000 end_va = 0x5130fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1631 start_va = 0x5130000 end_va = 0x5138fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1632 start_va = 0x5130000 end_va = 0x5130fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1633 start_va = 0x5130000 end_va = 0x5138fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1634 start_va = 0x5130000 end_va = 0x5130fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1635 start_va = 0x5130000 end_va = 0x5138fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1636 start_va = 0x5130000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 1637 start_va = 0x5430000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Thread: id = 13 os_tid = 0xd10 [0115.799] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0118.181] RoInitialize () returned 0x1 [0118.181] RoUninitialize () returned 0x0 [0121.513] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0121.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19dc28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWájóñ Ä «_m ß\x19", lpUsedDefaultChar=0x0) returned 14 [0121.514] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0 [0121.515] GetStockObject (i=5) returned 0x1900015 [0122.348] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0122.351] CoTaskMemAlloc (cb=0x5c) returned 0x8035b0 [0122.351] RegisterClassW (lpWndClass=0x19dc18) returned 0xc150 [0122.352] CoTaskMemFree (pv=0x8035b0) [0122.352] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0122.353] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30322 [0122.359] SetWindowLongW (hWnd=0x30322, nIndex=-4, dwNewLong=1999548128) returned 74974654 [0122.359] GetWindowLongW (hWnd=0x30322, nIndex=-4) returned 1999548128 [0122.360] GetCurrentProcess () returned 0xffffffff [0122.360] GetCurrentThread () returned 0xfffffffe [0122.360] GetCurrentProcess () returned 0xffffffff [0122.360] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d4f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d4f0*=0x258) returned 1 [0122.363] GetCurrentThreadId () returned 0xd10 [0122.369] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d474 | out: phkResult=0x19d474*=0x25c) returned 0x0 [0122.369] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0122.370] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0122.370] RegCloseKey (hKey=0x25c) returned 0x0 [0122.371] SetWindowLongW (hWnd=0x30322, nIndex=-4, dwNewLong=74974694) returned 1999548128 [0122.371] GetWindowLongW (hWnd=0x30322, nIndex=-4) returned 74974694 [0122.371] GetWindowLongW (hWnd=0x30322, nIndex=-16) returned 79691776 [0122.658] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x30322, Msg=0x24, wParam=0x0, lParam=0x19d78c) returned 0x0 [0122.658] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc0ea [0122.659] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x30322, Msg=0x81, wParam=0x0, lParam=0x19d780) returned 0x1 [0122.670] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x30322, Msg=0x83, wParam=0x0, lParam=0x19d76c) returned 0x0 [0122.679] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x30322, Msg=0x1, wParam=0x0, lParam=0x19d780) returned 0x0 [0124.197] GetCurrentProcessId () returned 0x8d0 [0124.198] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ed4c | out: lpLuid=0x19ed4c*(LowPart=0x14, HighPart=0)) returned 1 [0124.200] GetCurrentProcess () returned 0xffffffff [0124.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ed48 | out: TokenHandle=0x19ed48*=0x27c) returned 1 [0124.201] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x2239a6c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0124.201] CloseHandle (hObject=0x27c) returned 1 [0124.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32394b0, Length=0x20000, ResultLength=0x19f428 | out: SystemInformation=0x32394b0, ResultLength=0x19f428*=0x17720) returned 0x0 [0124.244] GetCurrentProcessId () returned 0x8d0 [0124.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32394b0, Length=0x20000, ResultLength=0x19f418 | out: SystemInformation=0x32394b0, ResultLength=0x19f418*=0x17720) returned 0x0 [0130.399] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x27c [0130.399] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x280 [0130.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e5dc | out: phkResult=0x19e5dc*=0x284) returned 0x0 [0130.408] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x0, lpcbData=0x19e5f8*=0x0 | out: lpType=0x19e5fc*=0x1, lpData=0x0, lpcbData=0x19e5f8*=0xe) returned 0x0 [0130.409] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x228b0e8, lpcbData=0x19e5f8*=0xe | out: lpType=0x19e5fc*=0x1, lpData="Client", lpcbData=0x19e5f8*=0xe) returned 0x0 [0130.410] RegCloseKey (hKey=0x284) returned 0x0 [0130.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", nBufferLength=0x105, lpBuffer=0x19df98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", lpFilePart=0x0) returned 0x69 [0130.759] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", nBufferLength=0x105, lpBuffer=0x19df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", lpFilePart=0x0) returned 0x69 [0131.010] GetCurrentProcess () returned 0xffffffff [0131.010] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x284) returned 1 [0131.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19ddd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0131.017] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0131.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0131.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.020] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e224) returned 1 [0131.021] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0131.021] GetFileType (hFile=0x288) returned 0x1 [0131.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e220) returned 1 [0131.021] GetFileType (hFile=0x288) returned 0x1 [0131.042] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x19e2ec | out: lpFileSizeHigh=0x19e2ec*=0x0) returned 0x8c8f [0131.043] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2a8, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19e2a8*=0x1000, lpOverlapped=0x0) returned 1 [0131.062] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e144, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19e144*=0x1000, lpOverlapped=0x0) returned 1 [0131.067] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0131.069] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0131.069] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0131.069] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df30, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19df30*=0x1000, lpOverlapped=0x0) returned 1 [0131.074] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0ac, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19e0ac*=0x1000, lpOverlapped=0x0) returned 1 [0131.076] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19dfc0*=0x1000, lpOverlapped=0x0) returned 1 [0131.076] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19dfc0*=0xc8f, lpOverlapped=0x0) returned 1 [0131.076] ReadFile (in: hFile=0x288, lpBuffer=0x228ebc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e080, lpOverlapped=0x0 | out: lpBuffer=0x228ebc8*, lpNumberOfBytesRead=0x19e080*=0x0, lpOverlapped=0x0) returned 1 [0131.076] CloseHandle (hObject=0x288) returned 1 [0131.078] GetCurrentProcess () returned 0xffffffff [0131.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x288) returned 1 [0131.078] GetCurrentProcess () returned 0xffffffff [0131.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x28c) returned 1 [0131.079] GetCurrentProcess () returned 0xffffffff [0131.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x290) returned 1 [0131.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.080] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config", lpFilePart=0x0) returned 0x69 [0131.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.080] GetCurrentProcess () returned 0xffffffff [0131.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x294) returned 1 [0131.080] GetCurrentProcess () returned 0xffffffff [0131.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x298) returned 1 [0131.093] GetCurrentProcess () returned 0xffffffff [0131.094] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1e4 | out: TokenHandle=0x19e1e4*=0x29c) returned 1 [0131.118] GetCurrentProcess () returned 0xffffffff [0131.118] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1f8 | out: TokenHandle=0x19e1f8*=0x2a0) returned 1 [0131.145] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19dec0 | out: phkResult=0x19dec0*=0x0) returned 0x2 [0131.163] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3dc | out: phkResult=0x19f3dc*=0x2a4) returned 0x0 [0131.163] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f3f8, lpData=0x0, lpcbData=0x19f3f4*=0x0 | out: lpType=0x19f3f8*=0x0, lpData=0x0, lpcbData=0x19f3f4*=0x0) returned 0x2 [0131.163] RegCloseKey (hKey=0x2a4) returned 0x0 [0131.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d8) returned 1 [0131.223] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f354 | out: lpFileInformation=0x19f354*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0131.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2d4) returned 1 [0131.410] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f05c | out: pfEnabled=0x19f05c) returned 0x0 [0131.942] CreateBindCtx (in: reserved=0x0, ppbc=0x19f404 | out: ppbc=0x19f404*=0x80b738) returned 0x0 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec0 | out: ppvObject=0x19eec0*=0x80b738) returned 0x0 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x0) returned 0x80004002 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea74 | out: ppvObject=0x19ea74*=0x0) returned 0x80004002 [0131.943] IUnknown:AddRef (This=0x80b738) returned 0x3 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002 [0131.943] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x0) returned 0x80004002 [0131.943] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0131.943] CObjectContext::QueryInterface () returned 0x0 [0131.944] CObjectContext::GetCurrentApartmentType () returned 0x0 [0131.944] Release () returned 0x0 [0131.944] CoGetObjectContext (in: riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x808f2c | out: ppv=0x808f2c*=0x7e00a0) returned 0x0 [0132.089] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0132.090] IUnknown:QueryInterface (in: This=0x80b738, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec90 | out: ppvObject=0x19ec90*=0x0) returned 0x80004002 [0132.090] IUnknown:Release (This=0x80b738) returned 0x2 [0132.090] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0132.090] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0 [0132.090] IUnknown:QueryInterface (in: This=0x80b738, riid=0x19f200*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x80b738) returned 0x0 [0132.091] IUnknown:AddRef (This=0x80b738) returned 0x4 [0132.091] IUnknown:Release (This=0x80b738) returned 0x3 [0132.091] IUnknown:Release (This=0x80b738) returned 0x2 [0132.091] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0132.091] IUnknown:AddRef (This=0x80b738) returned 0x3 [0132.091] MkParseDisplayName (in: pbc=0x80b738, szUserName="WinMgmts:", pchEaten=0x19f438, ppmk=0x19f3f0 | out: pchEaten=0x19f438, ppmk=0x19f3f0*=0x8102c8) returned 0x0 [0132.925] malloc (_Size=0x80) returned 0xb02d70 [0132.927] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x80f268 [0132.927] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0132.928] DllGetClassObject (in: rclsid=0x817f54*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x76db7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1e0 | out: ppv=0x19f1e0*=0x80f3b8) returned 0x0 [0132.928] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x80f3b8 [0132.929] WinMGMTS:IClassFactory:CreateInstance (in: This=0x80f3b8, pUnkOuter=0x0, riid=0x76b16800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f188 | out: ppvObject=0x19f188*=0x80ead0) returned 0x0 [0132.932] GetVersionExW (in: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efa0, dwMinorVersion=0x7454234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\≶) | out: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0132.932] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef38 | out: phkResult=0x19ef38*=0x394) returned 0x0 [0132.932] RegQueryValueExW (in: hKey=0x394, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef30, lpcbData=0x19ef3c*=0x4 | out: lpType=0x0, lpData=0x19ef30*=0x3, lpcbData=0x19ef3c*=0x4) returned 0x0 [0132.932] RegCloseKey (hKey=0x394) returned 0x0 [0132.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x8198c8 [0132.932] GetSystemDirectoryW (in: lpBuffer=0x8198c8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.932] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a90000 [0132.932] GetProcAddress (hModule=0x76a90000, lpProcName="DuplicateTokenEx") returned 0x76ab0ad0 [0132.932] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0132.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x8101d8 [0132.932] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x80ead0 [0132.933] WinMGMTS:IUnknown:Release (This=0x80f3b8) returned 0x0 [0132.933] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0132.933] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x80ead0, pbc=0x80b738, pszDisplayName="WinMgmts:", pchEaten=0x19f398, ppmkOut=0x19f394 | out: pchEaten=0x19f398*=0x9, ppmkOut=0x19f394*=0x8102c8) returned 0x0 [0132.933] ApiSetQueryApiSetPresence () returned 0x0 [0132.933] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0132.933] IBindCtx:GetObjectParam (in: This=0x80b738, pszKey=0x69c13e5c, ppunk=0x19f240 | out: ppunk=0x19f240*=0x0) returned 0x80004005 [0132.933] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7b4ff0 [0132.933] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0132.933] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7ff4e8 [0132.934] ResolveDelayLoadedAPI () returned 0x76e20060 [0132.934] CoCreateInstance (in: rclsid=0x69c11c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69c11c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7ff500 | out: ppv=0x7ff500*=0x80eac0) returned 0x0 [0133.096] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7ff758 [0133.096] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e8ff8 [0133.096] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7b4e10 [0133.096] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0133.097] GetCurrentThreadId () returned 0xd10 [0133.097] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0133.097] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0133.097] GetCurrentThreadId () returned 0xd10 [0133.098] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0b4 | out: phkResult=0x19f0b4*=0x3a0) returned 0x0 [0133.098] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x16) returned 0x0 [0133.098] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7b4e70 [0133.098] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x7b4e70, lpcbData=0x19f0b8*=0x16 | out: lpType=0x0, lpData=0x7b4e70*=0x72, lpcbData=0x19f0b8*=0x16) returned 0x0 [0133.098] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7b4f90 [0133.099] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0133.099] RegCloseKey (hKey=0x3a0) returned 0x0 [0133.099] CoCreateInstance (in: rclsid=0x69c121a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69c121b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0ec | out: ppv=0x19f0ec*=0x813c98) returned 0x0 [0133.274] SysStringLen (param_1=".") returned 0x1 [0133.274] WbemDefPath:IWbemPath:SetServer (This=0x813c98, Name=".") returned 0x0 [0133.274] CoCreateInstance (in: rclsid=0x69c121a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69c121b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f098 | out: ppv=0x19f098*=0x81a3c0) returned 0x0 [0133.274] CoCreateInstance (in: rclsid=0x69c121a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x69c121b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f034 | out: ppv=0x19f034*=0x81a430) returned 0x0 [0133.274] WbemDefPath:IWbemPath:SetText (This=0x81a430, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0133.274] WbemDefPath:IUnknown:Release (This=0x81a430) returned 0x0 [0133.274] SysStringLen (param_1="root\\cimv2") returned 0xa [0133.274] WbemDefPath:IWbemPath:SetText (This=0x81a3c0, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0133.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81a3c0, puCount=0x19f0b0 | out: puCount=0x19f0b0*=0x2) returned 0x0 [0133.274] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x813c98) returned 0x0 [0133.274] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a3c0, uIndex=0x0, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x5, pName=0x0) returned 0x0 [0133.275] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81a7e0 [0133.275] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a3c0, uIndex=0x0, puNameBufLength=0x19f06c*=0x5, pName="" | out: puNameBufLength=0x19f06c*=0x5, pName="root") returned 0x0 [0133.275] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0133.275] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x813c98, uIndex=0x0, pszName="root") returned 0x0 [0133.275] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a3c0, uIndex=0x1, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x6, pName=0x0) returned 0x0 [0133.275] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81a720 [0133.275] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x81a3c0, uIndex=0x1, puNameBufLength=0x19f06c*=0x6, pName="" | out: puNameBufLength=0x19f06c*=0x6, pName="cimv2") returned 0x0 [0133.275] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0133.275] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x813c98, uIndex=0x1, pszName="cimv2") returned 0x0 [0133.275] WbemDefPath:IUnknown:Release (This=0x81a3c0) returned 0x0 [0133.275] WbemDefPath:IWbemPath:GetText (in: This=0x813c98, lFlags=4, puBuffLength=0x19f0b4*=0x0, pszText=0x0 | out: puBuffLength=0x19f0b4*=0xf, pszText=0x0) returned 0x0 [0133.275] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x810278 [0133.275] WbemDefPath:IWbemPath:GetText (in: This=0x813c98, lFlags=4, puBuffLength=0x19f0b4*=0xf, pszText="cimv2" | out: puBuffLength=0x19f0b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0133.275] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0133.275] WbemDefPath:IUnknown:Release (This=0x813c98) returned 0x0 [0133.275] WbemLocator:IWbemLocator:ConnectServer (in: This=0x80eac0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f134 | out: ppNamespace=0x19f134*=0x800e18) returned 0x0 [0134.508] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81e688 [0134.508] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e91d8 [0134.508] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81f4c8 [0134.508] WbemLocator:IUnknown:QueryInterface (in: This=0x800e18, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x7fa70c) returned 0x0 [0134.508] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa70c, pProxy=0x800e18, pAuthnSvc=0x19f100, pAuthzSvc=0x19f104, pServerPrincName=0x0, pAuthnLevel=0x19f174, pImpLevel=0x19f17c, pAuthInfo=0x0, pCapabilites=0x19f108 | out: pAuthnSvc=0x19f100*=0xa, pAuthzSvc=0x19f104*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f174*=0x6, pImpLevel=0x19f17c*=0x2, pAuthInfo=0x0, pCapabilites=0x19f108*=0x1) returned 0x0 [0134.508] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x1 [0134.508] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0134.508] GetCurrentThreadId () returned 0xd10 [0134.509] WbemLocator:IUnknown:QueryInterface (in: This=0x800e18, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f19c | out: ppvObject=0x19f19c*=0x7fa70c) returned 0x0 [0134.509] WbemLocator:IClientSecurity:CopyProxy (in: This=0x7fa70c, pProxy=0x800e18, ppCopy=0x19f1c0 | out: ppCopy=0x19f1c0*=0x800eb8) returned 0x0 [0134.509] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x7fa70c) returned 0x0 [0134.509] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa70c, pProxy=0x800eb8, pAuthnSvc=0x19f068, pAuthzSvc=0x19f064, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f068*=0xa, pAuthzSvc=0x19f064*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0134.509] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x3 [0134.509] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x7fa730) returned 0x0 [0134.509] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f020 | out: ppvObject=0x19f020*=0x7fa70c) returned 0x0 [0134.509] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa70c, pProxy=0x800eb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.509] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x4 [0134.509] WbemLocator:IUnknown:Release (This=0x7fa730) returned 0x3 [0134.509] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x2 [0134.509] WbemLocator:IUnknown:AddRef (This=0x800eb8) returned 0x3 [0134.509] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e9238 [0134.509] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81a790 [0134.509] WbemLocator:IUnknown:Release (This=0x800e18) returned 0x2 [0134.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0134.510] GetCurrentThreadId () returned 0xd10 [0134.510] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0134.510] GetCurrentThreadId () returned 0xd10 [0134.510] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x7fa70c) returned 0x0 [0134.510] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa70c, pProxy=0x800eb8, pAuthnSvc=0x19f1b0, pAuthzSvc=0x19f1b4, pServerPrincName=0x0, pAuthnLevel=0x19f1c0, pImpLevel=0x19f1bc, pAuthInfo=0x0, pCapabilites=0x19f1b8 | out: pAuthnSvc=0x19f1b0*=0xa, pAuthzSvc=0x19f1b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1c0*=0x6, pImpLevel=0x19f1bc*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1b8*=0x20) returned 0x0 [0134.510] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x2 [0134.510] ResolveDelayLoadedAPI () returned 0x76b42060 [0134.511] CreatePointerMoniker (in: punk=0x81e688, ppmk=0x19f394 | out: ppmk=0x19f394*=0x8102c8) returned 0x0 [0134.511] IUnknown:AddRef (This=0x81e688) returned 0x2 [0134.512] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.512] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.512] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.513] WbemLocator:IUnknown:Release (This=0x80eac0) returned 0x0 [0134.513] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.513] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.514] WinMGMTS:IUnknown:Release (This=0x80ead0) returned 0x0 [0134.514] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0134.524] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x8102c8) returned 0x0 [0134.524] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee70 | out: ppvObject=0x19ee70*=0x0) returned 0x80004002 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea64 | out: ppvObject=0x19ea64*=0x0) returned 0x80004002 [0134.525] IUnknown:AddRef (This=0x8102c8) returned 0x3 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7cc | out: ppvObject=0x19e7cc*=0x0) returned 0x80004002 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e788 | out: ppvObject=0x19e788*=0x8102dc) returned 0x0 [0134.525] IMarshal:GetUnmarshalClass (in: This=0x8102dc, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e790 | out: pCid=0x19e790*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.525] IUnknown:Release (This=0x8102dc) returned 0x3 [0134.525] CoGetContextToken (in: pToken=0x19e7e8 | out: pToken=0x19e7e8) returned 0x0 [0134.525] CoGetContextToken (in: pToken=0x19ebf0 | out: pToken=0x19ebf0) returned 0x0 [0134.525] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec80 | out: ppvObject=0x19ec80*=0x0) returned 0x80004002 [0134.525] IUnknown:Release (This=0x8102c8) returned 0x2 [0134.526] CoGetContextToken (in: pToken=0x19f1c8 | out: pToken=0x19f1c8) returned 0x0 [0134.526] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0134.526] IUnknown:QueryInterface (in: This=0x8102c8, riid=0x19f1f8*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f4 | out: ppvObject=0x19f1f4*=0x8102c8) returned 0x0 [0134.526] IUnknown:AddRef (This=0x8102c8) returned 0x4 [0134.526] IUnknown:Release (This=0x8102c8) returned 0x3 [0134.526] IUnknown:Release (This=0x80b738) returned 0x2 [0134.526] IUnknown:Release (This=0x8102c8) returned 0x2 [0134.527] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0134.527] IUnknown:AddRef (This=0x8102c8) returned 0x3 [0134.527] BindMoniker (in: pmk=0x8102c8, grfOpt=0x0, iidResult=0x2236f8c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f3f4 | out: ppvResult=0x19f3f4*=0x81e688) returned 0x0 [0134.527] IUnknown:QueryInterface (in: This=0x81e688, riid=0x2236f8c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3f4 | out: ppvObject=0x19f3f4*=0x81e688) returned 0x0 [0134.527] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec54*=0x0 | out: pptlib=0x19ec54*=0x822ac8) returned 0x0 [0134.795] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x81e6cc*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x81e6b4 | out: ppTInfo=0x81e6b4*=0x82451c) returned 0x0 [0134.796] IUnknown:Release (This=0x822ac8) returned 0x1 [0134.813] CoGetContextToken (in: pToken=0x19e7f0 | out: pToken=0x19e7f0) returned 0x0 [0134.813] CoGetContextToken (in: pToken=0x19ebf8 | out: pToken=0x19ebf8) returned 0x0 [0134.813] IUnknown:Release (This=0x8102c8) returned 0x2 [0135.002] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0135.002] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eeb8*=0x0 | out: pptlib=0x19eeb8*=0x822ac8) returned 0x0 [0135.003] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x81e6bc*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x81e6b0 | out: ppTInfo=0x81e6b0*=0x824548) returned 0x0 [0135.003] IUnknown:Release (This=0x822ac8) returned 0x2 [0135.003] IUnknown:AddRef (This=0x824548) returned 0x2 [0135.003] DispGetIDsOfNames (in: ptinfo=0x824548, rgszNames=0x19ef40*="InstancesOf", cNames=0x1, rgdispid=0x19ef30 | out: rgdispid=0x19ef30*=5) returned 0x0 [0135.022] IUnknown:Release (This=0x824548) returned 0x1 [0135.024] IUnknown:AddRef (This=0x824548) returned 0x2 [0135.024] ITypeInfo:LocalInvoke (This=0x824548) returned 0x0 [0135.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.025] GetCurrentThreadId () returned 0xd10 [0135.025] WbemLocator:IUnknown:AddRef (This=0x800eb8) returned 0x3 [0135.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.025] GetCurrentThreadId () returned 0xd10 [0135.025] IWbemServices:CreateInstanceEnum (in: This=0x800eb8, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e744 | out: ppEnum=0x19e744*=0x827828) returned 0x0 [0135.049] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e8ff8 [0135.049] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e9358 [0135.049] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x7e8c98 [0135.049] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81aa10 [0135.049] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81f580 [0135.049] IUnknown:QueryInterface (in: This=0x827828, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x82782c) returned 0x0 [0135.049] IClientSecurity:QueryBlanket (in: This=0x82782c, pProxy=0x827828, pAuthnSvc=0x19e5d8, pAuthzSvc=0x19e5e0, pServerPrincName=0x0, pAuthnLevel=0x19e614, pImpLevel=0x19e618, pAuthInfo=0x0, pCapabilites=0x19e5dc | out: pAuthnSvc=0x19e5d8*=0xa, pAuthzSvc=0x19e5e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e614*=0x6, pImpLevel=0x19e618*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5dc*=0x1) returned 0x0 [0135.049] IUnknown:Release (This=0x82782c) returned 0x1 [0135.049] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.049] GetCurrentThreadId () returned 0xd10 [0135.050] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x7fa70c) returned 0x0 [0135.050] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa70c, pProxy=0x800eb8, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d4, pImpLevel=0x19e5d8, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d4*=0x6, pImpLevel=0x19e5d8*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0135.050] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x3 [0135.050] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.050] GetCurrentThreadId () returned 0xd10 [0135.050] WbemLocator:IUnknown:QueryInterface (in: This=0x800eb8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x7fa70c) returned 0x0 [0135.050] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa70c, pProxy=0x800eb8, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d8, pImpLevel=0x19e5d4, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d8*=0x6, pImpLevel=0x19e5d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0135.050] WbemLocator:IUnknown:Release (This=0x7fa70c) returned 0x3 [0135.050] IUnknown:QueryInterface (in: This=0x827828, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x82782c) returned 0x0 [0135.051] IClientSecurity:CopyProxy (in: This=0x82782c, pProxy=0x827828, ppCopy=0x19e610 | out: ppCopy=0x19e610*=0x8280f8) returned 0x0 [0135.051] IUnknown:QueryInterface (in: This=0x8280f8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x8280fc) returned 0x0 [0135.051] IClientSecurity:QueryBlanket (in: This=0x8280fc, pProxy=0x8280f8, pAuthnSvc=0x19e594, pAuthzSvc=0x19e590, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e594*=0xa, pAuthzSvc=0x19e590*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0135.051] IUnknown:Release (This=0x8280fc) returned 0x3 [0135.051] IUnknown:QueryInterface (in: This=0x8280f8, riid=0x69c11f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e548 | out: ppvObject=0x19e548*=0x7f9630) returned 0x0 [0135.051] IUnknown:QueryInterface (in: This=0x8280f8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e54c | out: ppvObject=0x19e54c*=0x8280fc) returned 0x0 [0135.051] IClientSecurity:SetBlanket (This=0x8280fc, pProxy=0x8280f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0135.235] IUnknown:Release (This=0x8280fc) returned 0x4 [0135.235] WbemLocator:IUnknown:Release (This=0x7f9630) returned 0x3 [0135.236] IUnknown:Release (This=0x82782c) returned 0x2 [0135.236] IUnknown:AddRef (This=0x8280f8) returned 0x3 [0135.236] IUnknown:Release (This=0x827828) returned 0x2 [0135.236] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e700 | out: pperrinfo=0x19e700*=0x0) returned 0x1 [0135.236] WbemLocator:IUnknown:Release (This=0x800eb8) returned 0x2 [0135.236] IUnknown:Release (This=0x824548) returned 0x1 [0135.237] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e714*=0x0 | out: pptlib=0x19e714*=0x822ac8) returned 0x0 [0135.237] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x7e9030*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x7e9018 | out: ppTInfo=0x7e9018*=0x824650) returned 0x0 [0135.237] IUnknown:Release (This=0x822ac8) returned 0x3 [0135.237] IUnknown:AddRef (This=0x824650) returned 0x2 [0135.237] ITypeInfo:RemoteGetTypeAttr (in: This=0x824650, ppTypeAttr=0x19e750, pDummy=0xc5b04620 | out: ppTypeAttr=0x19e750, pDummy=0xc5b04620) returned 0x0 [0135.238] ITypeInfo:LocalReleaseTypeAttr (This=0x824650) returned 0x0 [0135.238] IUnknown:Release (This=0x824650) returned 0x1 [0135.238] CoGetContextToken (in: pToken=0x19e2b0 | out: pToken=0x19e2b0) returned 0x0 [0135.238] CoGetContextToken (in: pToken=0x19e6b8 | out: pToken=0x19e6b8) returned 0x0 [0135.239] CoGetContextToken (in: pToken=0x19f298 | out: pToken=0x19f298) returned 0x0 [0135.239] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0135.240] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0135.240] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f208*=0x0 | out: pptlib=0x19f208*=0x822ac8) returned 0x0 [0135.261] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x7e9020*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x7e9014 | out: ppTInfo=0x7e9014*=0x8245f8) returned 0x0 [0135.261] IUnknown:Release (This=0x822ac8) returned 0x4 [0135.261] IUnknown:AddRef (This=0x8245f8) returned 0x2 [0135.261] ITypeInfo:LocalInvoke (This=0x8245f8) returned 0x0 [0135.261] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.261] GetCurrentThreadId () returned 0xd10 [0135.262] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81f898 [0135.262] IUnknown:Release (This=0x8245f8) returned 0x1 [0135.262] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0135.683] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7eea80 [0135.690] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7ef0e0 [0135.739] CoGetContextToken (in: pToken=0x19ef44 | out: pToken=0x19ef44) returned 0x0 [0135.782] CoGetContextToken (in: pToken=0x19ea40 | out: pToken=0x19ea40) returned 0x0 [0135.782] IUnknown:AddRef (This=0x8245f8) returned 0x2 [0135.782] ITypeInfo:LocalInvoke (This=0x8245f8) returned 0x0 [0135.783] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.783] GetCurrentThreadId () returned 0xd10 [0135.783] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.783] GetCurrentThreadId () returned 0xd10 [0135.783] IUnknown:AddRef (This=0x8280f8) returned 0x3 [0135.783] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.783] GetCurrentThreadId () returned 0xd10 [0135.783] IEnumWbemClassObject:Clone (in: This=0x8280f8, ppEnum=0x19ea70 | out: ppEnum=0x19ea70*=0x7e5a18) returned 0x0 [0135.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x82a238 [0135.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x82a058 [0135.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x82a0b8 [0135.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81a6d0 [0135.788] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81ed98 [0135.788] IUnknown:QueryInterface (in: This=0x7e5a18, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x7e5a1c) returned 0x0 [0135.788] IClientSecurity:QueryBlanket (in: This=0x7e5a1c, pProxy=0x7e5a18, pAuthnSvc=0x19e908, pAuthzSvc=0x19e910, pServerPrincName=0x0, pAuthnLevel=0x19e944, pImpLevel=0x19e948, pAuthInfo=0x0, pCapabilites=0x19e90c | out: pAuthnSvc=0x19e908*=0xa, pAuthzSvc=0x19e910*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e944*=0x6, pImpLevel=0x19e948*=0x2, pAuthInfo=0x0, pCapabilites=0x19e90c*=0x1) returned 0x0 [0135.788] IUnknown:Release (This=0x7e5a1c) returned 0x1 [0135.788] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.788] GetCurrentThreadId () returned 0xd10 [0135.788] IUnknown:QueryInterface (in: This=0x8280f8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x8280fc) returned 0x0 [0135.789] IClientSecurity:QueryBlanket (in: This=0x8280fc, pProxy=0x8280f8, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e904, pImpLevel=0x19e908, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e904*=0x6, pImpLevel=0x19e908*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0135.789] IUnknown:Release (This=0x8280fc) returned 0x3 [0135.789] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.789] GetCurrentThreadId () returned 0xd10 [0135.789] IUnknown:QueryInterface (in: This=0x8280f8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x8280fc) returned 0x0 [0135.789] IClientSecurity:QueryBlanket (in: This=0x8280fc, pProxy=0x8280f8, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e908, pImpLevel=0x19e904, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e908*=0x6, pImpLevel=0x19e904*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0135.789] IUnknown:Release (This=0x8280fc) returned 0x3 [0135.789] IUnknown:QueryInterface (in: This=0x7e5a18, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x7e5a1c) returned 0x0 [0135.789] IClientSecurity:CopyProxy (in: This=0x7e5a1c, pProxy=0x7e5a18, ppCopy=0x19e940 | out: ppCopy=0x19e940*=0x82aba8) returned 0x0 [0135.789] IUnknown:QueryInterface (in: This=0x82aba8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e894 | out: ppvObject=0x19e894*=0x82abac) returned 0x0 [0135.789] IClientSecurity:QueryBlanket (in: This=0x82abac, pProxy=0x82aba8, pAuthnSvc=0x19e8c4, pAuthzSvc=0x19e8c0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8c4*=0xa, pAuthzSvc=0x19e8c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0135.789] IUnknown:Release (This=0x82abac) returned 0x3 [0135.789] IUnknown:QueryInterface (in: This=0x82aba8, riid=0x69c11f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e878 | out: ppvObject=0x19e878*=0x7fae30) returned 0x0 [0135.789] IUnknown:QueryInterface (in: This=0x82aba8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e87c | out: ppvObject=0x19e87c*=0x82abac) returned 0x0 [0135.789] IClientSecurity:SetBlanket (This=0x82abac, pProxy=0x82aba8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0135.792] IUnknown:Release (This=0x82abac) returned 0x4 [0135.792] WbemLocator:IUnknown:Release (This=0x7fae30) returned 0x3 [0135.792] IUnknown:Release (This=0x7e5a1c) returned 0x2 [0135.792] IUnknown:AddRef (This=0x82aba8) returned 0x3 [0135.792] IUnknown:Release (This=0x7e5a18) returned 0x2 [0135.792] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea30 | out: pperrinfo=0x19ea30*=0x0) returned 0x1 [0135.792] IUnknown:Release (This=0x8280f8) returned 0x2 [0135.792] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.792] GetCurrentThreadId () returned 0xd10 [0135.792] IUnknown:AddRef (This=0x82aba8) returned 0x3 [0135.792] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.792] GetCurrentThreadId () returned 0xd10 [0135.792] IEnumWbemClassObject:Reset (This=0x82aba8) returned 0x0 [0135.794] IUnknown:Release (This=0x82aba8) returned 0x2 [0135.794] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81fa90 [0135.794] IUnknown:Release (This=0x8245f8) returned 0x1 [0135.814] CoGetContextToken (in: pToken=0x19e228 | out: pToken=0x19e228) returned 0x0 [0135.815] CoGetContextToken (in: pToken=0x19e630 | out: pToken=0x19e630) returned 0x0 [0135.842] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0135.843] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.843] GetCurrentThreadId () returned 0xd10 [0135.843] IUnknown:AddRef (This=0x82aba8) returned 0x3 [0135.843] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.843] GetCurrentThreadId () returned 0xd10 [0135.843] IEnumWbemClassObject:Next (in: This=0x82aba8, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x82fe60, puReturned=0x19f380*=0x1) returned 0x0 [0135.848] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81d5d8 [0135.848] IUnknown:AddRef (This=0x82fe60) returned 0x2 [0135.848] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81e538 [0135.848] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x829c98 [0135.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x829b18 [0135.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81a990 [0135.849] WbemLocator:IUnknown:AddRef (This=0x800eb8) returned 0x3 [0135.849] IUnknown:AddRef (This=0x82aba8) returned 0x4 [0135.849] IUnknown:QueryInterface (in: This=0x82aba8, riid=0x69c11f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3cc | out: ppvObject=0x19f3cc*=0x82abac) returned 0x0 [0135.849] IClientSecurity:QueryBlanket (in: This=0x82abac, pProxy=0x82aba8, pAuthnSvc=0x19f350, pAuthzSvc=0x19f358, pServerPrincName=0x0, pAuthnLevel=0x19f37c, pImpLevel=0x19f388, pAuthInfo=0x0, pCapabilites=0x19f34c | out: pAuthnSvc=0x19f350*=0xa, pAuthzSvc=0x19f358*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f37c*=0x6, pImpLevel=0x19f388*=0x3, pAuthInfo=0x0, pCapabilites=0x19f34c*=0x20) returned 0x0 [0135.849] IUnknown:Release (This=0x82abac) returned 0x4 [0135.849] WbemLocator:IUnknown:Release (This=0x800eb8) returned 0x2 [0135.849] WbemLocator:IUnknown:AddRef (This=0x800eb8) returned 0x3 [0135.849] IUnknown:Release (This=0x82aba8) returned 0x3 [0135.849] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0135.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x827b08 [0135.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x81aa70 [0135.849] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x80fdc8 [0135.849] IUnknown:AddRef (This=0x82fe60) returned 0x3 [0135.849] IUnknown:Release (This=0x82fe60) returned 0x2 [0135.849] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0135.849] IUnknown:Release (This=0x82aba8) returned 0x2 [0135.849] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0135.850] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb7c*=0x0 | out: pptlib=0x19eb7c*=0x822ac8) returned 0x0 [0135.851] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x69c14c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x827b24 | out: ppTInfo=0x827b24*=0x82467c) returned 0x0 [0135.851] IUnknown:Release (This=0x822ac8) returned 0x5 [0135.851] IUnknown:AddRef (This=0x82467c) returned 0x2 [0135.851] ITypeInfo:RemoteGetTypeAttr (in: This=0x82467c, ppTypeAttr=0x19ebb8, pDummy=0xc5b04a88 | out: ppTypeAttr=0x19ebb8, pDummy=0xc5b04a88) returned 0x0 [0135.852] ITypeInfo:LocalReleaseTypeAttr (This=0x82467c) returned 0x0 [0135.852] IUnknown:Release (This=0x82467c) returned 0x1 [0135.852] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0135.853] CoGetContextToken (in: pToken=0x19eb20 | out: pToken=0x19eb20) returned 0x0 [0135.856] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0135.856] LoadRegTypeLib (in: rguid=0x69c12198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eed8*=0x0 | out: pptlib=0x19eed8*=0x822ac8) returned 0x0 [0135.857] ITypeLib:GetTypeInfoOfGuid (in: This=0x822ac8, GUID=0x69c11e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x827b20 | out: ppTInfo=0x827b20*=0x8246a8) returned 0x0 [0135.857] IUnknown:Release (This=0x822ac8) returned 0x6 [0135.857] IUnknown:AddRef (This=0x8246a8) returned 0x2 [0135.857] DispGetIDsOfNames (in: ptinfo=0x8246a8, rgszNames=0x19ef60*="SerialNumber", cNames=0x1, rgdispid=0x19ef50 | out: rgdispid=0x19ef50*=-1) returned 0x80020006 [0135.894] IUnknown:AddRef (This=0x82fe60) returned 0x3 [0135.894] IWbemClassObject:Get (in: This=0x82fe60, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0) returned 0x0 [0135.894] IUnknown:Release (This=0x82fe60) returned 0x2 [0135.894] SysStringLen (param_1="SerialNumber") returned 0xc [0135.894] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x82f480 [0135.894] SysStringLen (param_1="SerialNumber") returned 0xc [0135.894] IUnknown:Release (This=0x8246a8) returned 0x1 [0135.895] IUnknown:AddRef (This=0x8246a8) returned 0x2 [0135.895] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.895] GetCurrentThreadId () returned 0xd10 [0135.895] SysStringLen (param_1="SerialNumber") returned 0xc [0135.895] IWbemClassObject:Get (in: This=0x82fe60, wszName="SerialNumber", lFlags=0, pVal=0x19ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ece8*=0, plFlavor=0x0 | out: pVal=0x19ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ece8*=8, plFlavor=0x0) returned 0x0 [0135.896] IUnknown:Release (This=0x8246a8) returned 0x1 [0135.896] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0135.896] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0135.956] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0135.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.957] GetCurrentThreadId () returned 0xd10 [0135.957] IUnknown:AddRef (This=0x82aba8) returned 0x3 [0135.957] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0135.957] GetCurrentThreadId () returned 0xd10 [0135.957] IEnumWbemClassObject:Next (in: This=0x82aba8, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x0, puReturned=0x19f380*=0x0) returned 0x1 [0135.958] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0135.958] IUnknown:Release (This=0x82aba8) returned 0x2 [0135.959] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0136.082] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0136.083] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0136.091] SetEvent (hEvent=0x3e0) returned 1 [0136.114] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a8*=0x3d0, lpdwindex=0x19f1c4 | out: lpdwindex=0x19f1c4) returned 0x0 [0136.114] CoGetContextToken (in: pToken=0x19f278 | out: pToken=0x19f278) returned 0x0 [0136.114] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0136.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x19f2a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x81df18) returned 0x0 [0136.114] WbemDefPath:IUnknown:AddRef (This=0x81df18) returned 0x3 [0136.114] WbemDefPath:IUnknown:Release (This=0x81df18) returned 0x2 [0136.116] WbemDefPath:IWbemPath:SetText (This=0x81df18, uMode=0x4, pszPath="win32_processor") returned 0x0 [0136.118] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81df18, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0136.118] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f424*=0x0, pszText=0x0 | out: puBuffLength=0x19f424*=0x10, pszText=0x0) returned 0x0 [0136.118] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f424*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f424*=0x10, pszText="win32_processor") returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetInfo (in: This=0x81df18, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81df18, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetInfo (in: This=0x81df18, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81df18, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81df18, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0136.119] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0136.120] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81df18, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x0) returned 0x0 [0136.120] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0136.120] SetEvent (hEvent=0x3e0) returned 1 [0136.120] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec0c*=0x40c, lpdwindex=0x19ea2c | out: lpdwindex=0x19ea2c) returned 0x0 [0136.123] CoGetContextToken (in: pToken=0x19ead8 | out: pToken=0x19ead8) returned 0x0 [0136.123] CoGetContextToken (in: pToken=0x19ea38 | out: pToken=0x19ea38) returned 0x0 [0136.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x19eb08*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb04 | out: ppvObject=0x19eb04*=0x81e298) returned 0x0 [0136.123] WbemDefPath:IUnknown:AddRef (This=0x81e298) returned 0x3 [0136.123] WbemDefPath:IUnknown:Release (This=0x81e298) returned 0x2 [0136.123] WbemDefPath:IWbemPath:SetText (This=0x81e298, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0136.123] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e298, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0136.123] WbemDefPath:IWbemPath:GetText (in: This=0x81e298, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0136.123] WbemDefPath:IWbemPath:GetText (in: This=0x81e298, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.123] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410 [0136.123] SetEvent (hEvent=0x3e0) returned 1 [0136.123] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2f0*=0x410, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0136.126] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0136.126] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0136.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x19f1f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x81e228) returned 0x0 [0136.126] WbemDefPath:IUnknown:AddRef (This=0x81e228) returned 0x3 [0136.126] WbemDefPath:IUnknown:Release (This=0x81e228) returned 0x2 [0136.126] WbemDefPath:IWbemPath:SetText (This=0x81e228, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0136.126] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x19f36c | out: puCount=0x19f36c*=0x2) returned 0x0 [0136.126] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f368*=0x0, pszText=0x0 | out: puBuffLength=0x19f368*=0xf, pszText=0x0) returned 0x0 [0136.126] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f368*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f368*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.277] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f28c*=0x424, lpdwindex=0x19f13c | out: lpdwindex=0x19f13c) returned 0x0 [0136.738] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0136.738] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0136.738] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d6b8724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x7e0168) returned 0x0 [0136.738] CObjectContext::ContextCallback () returned 0x0 [0136.745] IUnknown:Release (This=0x7e0168) returned 0x1 [0136.745] CoUnmarshalInterface (in: pStm=0x81a890, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f078 | out: ppv=0x19f078*=0x7f9c30) returned 0x0 [0136.745] CoMarshalInterface (pStm=0x81a890, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7f9c30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0136.746] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef1c | out: ppvObject=0x19ef1c*=0x7f9c30) returned 0x0 [0136.746] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eed8 | out: ppvObject=0x19eed8*=0x0) returned 0x80004002 [0136.747] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x0) returned 0x80004002 [0136.748] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eacc | out: ppvObject=0x19eacc*=0x0) returned 0x80004002 [0136.749] WbemLocator:IUnknown:AddRef (This=0x7f9c30) returned 0x3 [0136.749] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x0) returned 0x80004002 [0136.749] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0136.749] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x7f9b8c) returned 0x0 [0136.750] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f9b8c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7f8 | out: pCid=0x19e7f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.750] WbemLocator:IUnknown:Release (This=0x7f9b8c) returned 0x3 [0136.750] CoGetContextToken (in: pToken=0x19e850 | out: pToken=0x19e850) returned 0x0 [0136.750] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0136.750] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ece8 | out: ppvObject=0x19ece8*=0x7f9c14) returned 0x0 [0136.750] WbemLocator:IRpcOptions:Query (in: This=0x7f9c14, pPrx=0x7f9c30, dwProperty=2, pdwValue=0x19ed10 | out: pdwValue=0x19ed10) returned 0x0 [0136.750] WbemLocator:IUnknown:Release (This=0x7f9c14) returned 0x3 [0136.750] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x2 [0136.750] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x1 [0136.750] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0136.750] WbemLocator:IUnknown:AddRef (This=0x7f9c30) returned 0x2 [0136.750] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x7f9c0c) returned 0x0 [0136.750] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f9c0c, pProxy=0x7f9c30, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0136.750] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x2 [0136.750] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x7f9c30) returned 0x0 [0136.750] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x7f9c0c) returned 0x0 [0136.750] WbemLocator:IClientSecurity:SetBlanket (This=0x7f9c0c, pProxy=0x7f9c30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.751] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x3 [0136.751] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x2 [0136.751] CoTaskMemFree (pv=0x83dcb0) [0136.751] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x1 [0136.751] SysStringLen (param_1=0x0) returned 0x0 [0136.751] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0136.751] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0136.751] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x19f268*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x7d2510) returned 0x0 [0136.752] WbemLocator:IUnknown:AddRef (This=0x7d2510) returned 0x3 [0136.752] WbemLocator:IUnknown:Release (This=0x7d2510) returned 0x2 [0136.752] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0136.752] WbemLocator:IUnknown:AddRef (This=0x7d2510) returned 0x3 [0136.753] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x7f9c0c) returned 0x0 [0136.753] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f9c0c, pProxy=0x7d2510, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0136.753] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x3 [0136.753] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x7f9c30) returned 0x0 [0136.753] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x7f9c0c) returned 0x0 [0136.753] WbemLocator:IClientSecurity:SetBlanket (This=0x7f9c0c, pProxy=0x7d2510, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.753] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x4 [0136.753] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x3 [0136.753] CoTaskMemFree (pv=0x83de90) [0136.753] WbemLocator:IUnknown:Release (This=0x7d2510) returned 0x2 [0136.753] SysStringLen (param_1=0x0) returned 0x0 [0136.754] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x19f390 | out: puCount=0x19f390*=0x2) returned 0x0 [0136.754] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f38c*=0x0, pszText=0x0 | out: puBuffLength=0x19f38c*=0xf, pszText=0x0) returned 0x0 [0136.754] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f38c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f38c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.754] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0136.754] CoUnmarshalInterface (in: pStm=0x81a890, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff0 | out: ppv=0x19eff0*=0x7f9c30) returned 0x0 [0136.754] CoMarshalInterface (pStm=0x81a890, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7f9c30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0136.755] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x7f9c30) returned 0x0 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x3 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x2 [0136.755] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0136.755] WbemLocator:IUnknown:AddRef (This=0x7f9c30) returned 0x3 [0136.755] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x7f9c0c) returned 0x0 [0136.755] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f9c0c, pProxy=0x7f9c30, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x3 [0136.755] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x7f9c30) returned 0x0 [0136.755] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9c30, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x7f9c0c) returned 0x0 [0136.755] WbemLocator:IClientSecurity:SetBlanket (This=0x7f9c0c, pProxy=0x7f9c30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x4 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x3 [0136.755] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x2 [0136.755] SysStringLen (param_1=0x0) returned 0x0 [0136.755] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0136.755] WbemLocator:IUnknown:AddRef (This=0x7d2510) returned 0x3 [0136.755] WbemLocator:IUnknown:Release (This=0x7d2510) returned 0x2 [0136.755] CoGetContextToken (in: pToken=0x19f170 | out: pToken=0x19f170) returned 0x0 [0136.755] WbemLocator:IUnknown:AddRef (This=0x7d2510) returned 0x3 [0136.756] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x7f9c0c) returned 0x0 [0136.756] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f9c0c, pProxy=0x7d2510, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0136.756] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x3 [0136.756] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x7f9c30) returned 0x0 [0136.756] WbemLocator:IUnknown:QueryInterface (in: This=0x7d2510, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x7f9c0c) returned 0x0 [0136.756] WbemLocator:IClientSecurity:SetBlanket (This=0x7f9c0c, pProxy=0x7d2510, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.756] WbemLocator:IUnknown:Release (This=0x7f9c0c) returned 0x4 [0136.756] WbemLocator:IUnknown:Release (This=0x7f9c30) returned 0x3 [0136.756] WbemLocator:IUnknown:Release (This=0x7d2510) returned 0x2 [0136.756] SysStringLen (param_1=0x0) returned 0x0 [0136.756] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0x10, pszText=0x0) returned 0x0 [0136.756] WbemDefPath:IWbemPath:GetText (in: This=0x81df18, lFlags=2, puBuffLength=0x19f394*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f394*=0x10, pszText="win32_processor") returned 0x0 [0136.762] IWbemServices:GetObject (in: This=0x7d2510, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f348*=0x0, ppCallResult=0x0 | out: ppObject=0x19f348*=0x83e7a8, ppCallResult=0x0) returned 0x0 [0136.775] IWbemClassObject:Get (in: This=0x83e7a8, wszName="__PATH", lFlags=0, pVal=0x19f330*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f330*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3d8*=8, plFlavor=0x19f3d4*=64) returned 0x0 [0136.777] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0136.777] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0136.778] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0136.778] SetEvent (hEvent=0x3e0) returned 1 [0136.778] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2ec*=0x45c, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0136.780] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0136.780] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0136.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x81df88) returned 0x0 [0136.780] WbemDefPath:IUnknown:AddRef (This=0x81df88) returned 0x3 [0136.780] WbemDefPath:IUnknown:Release (This=0x81df88) returned 0x2 [0136.780] WbemDefPath:IWbemPath:SetText (This=0x81df88, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0136.780] IWbemClassObject:Get (in: This=0x83e7a8, wszName="__CLASS", lFlags=0, pVal=0x19f3a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f420*=0, plFlavor=0x19f41c*=0 | out: pVal=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f420*=8, plFlavor=0x19f41c*=64) returned 0x0 [0136.780] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0136.780] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0136.780] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0136.780] WbemLocator:IUnknown:AddRef (This=0x7d2510) returned 0x3 [0136.780] IWbemServices:CreateInstanceEnum (in: This=0x7d2510, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f39c | out: ppEnum=0x19f39c*=0x833358) returned 0x0 [0136.783] IUnknown:QueryInterface (in: This=0x833358, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f230 | out: ppvObject=0x19f230*=0x83335c) returned 0x0 [0136.783] IClientSecurity:QueryBlanket (in: This=0x83335c, pProxy=0x833358, pAuthnSvc=0x19f280, pAuthzSvc=0x19f27c, pServerPrincName=0x19f274, pAuthnLevel=0x19f278, pImpLevel=0x19f268, pAuthInfo=0x19f26c, pCapabilites=0x19f270 | out: pAuthnSvc=0x19f280*=0xa, pAuthzSvc=0x19f27c*=0x0, pServerPrincName=0x19f274, pAuthnLevel=0x19f278*=0x6, pImpLevel=0x19f268*=0x2, pAuthInfo=0x19f26c, pCapabilites=0x19f270*=0x1) returned 0x0 [0136.783] IUnknown:Release (This=0x83335c) returned 0x1 [0136.783] IUnknown:QueryInterface (in: This=0x833358, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x7f9d30) returned 0x0 [0136.783] IUnknown:QueryInterface (in: This=0x833358, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x83335c) returned 0x0 [0136.783] IClientSecurity:SetBlanket (This=0x83335c, pProxy=0x833358, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.788] IUnknown:Release (This=0x83335c) returned 0x2 [0136.789] WbemLocator:IUnknown:Release (This=0x7f9d30) returned 0x1 [0136.789] CoTaskMemFree (pv=0x83da70) [0136.789] IUnknown:QueryInterface (in: This=0x833358, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee18 | out: ppvObject=0x19ee18*=0x7f9d30) returned 0x0 [0136.789] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x0) returned 0x80004002 [0136.798] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebf4 | out: ppvObject=0x19ebf4*=0x0) returned 0x80004002 [0136.891] IUnknown:QueryInterface (in: This=0x833358, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0136.936] WbemLocator:IUnknown:AddRef (This=0x7f9d30) returned 0x3 [0136.936] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e734 | out: ppvObject=0x19e734*=0x0) returned 0x80004002 [0136.936] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6e4 | out: ppvObject=0x19e6e4*=0x0) returned 0x80004002 [0136.936] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f0 | out: ppvObject=0x19e6f0*=0x7f9c8c) returned 0x0 [0136.936] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f9c8c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6f8 | out: pCid=0x19e6f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.936] WbemLocator:IUnknown:Release (This=0x7f9c8c) returned 0x3 [0136.936] CoGetContextToken (in: pToken=0x19e750 | out: pToken=0x19e750) returned 0x0 [0136.937] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0 [0136.937] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe8 | out: ppvObject=0x19ebe8*=0x7f9d14) returned 0x0 [0136.937] WbemLocator:IRpcOptions:Query (in: This=0x7f9d14, pPrx=0x7f9d30, dwProperty=2, pdwValue=0x19ec10 | out: pdwValue=0x19ec10) returned 0x80004002 [0136.937] WbemLocator:IUnknown:Release (This=0x7f9d14) returned 0x3 [0136.937] WbemLocator:IUnknown:Release (This=0x7f9d30) returned 0x2 [0136.937] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0136.937] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0136.937] WbemLocator:IUnknown:QueryInterface (in: This=0x7f9d30, riid=0x19f158*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f154 | out: ppvObject=0x19f154*=0x833358) returned 0x0 [0136.937] IUnknown:AddRef (This=0x833358) returned 0x4 [0136.937] IUnknown:Release (This=0x833358) returned 0x3 [0136.937] IUnknown:Release (This=0x833358) returned 0x2 [0136.937] WbemLocator:IUnknown:Release (This=0x7d2510) returned 0x2 [0136.937] SysStringLen (param_1=0x0) returned 0x0 [0136.937] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x19f3d8 | out: puCount=0x19f3d8*=0x2) returned 0x0 [0136.937] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f3d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3d4*=0xf, pszText=0x0) returned 0x0 [0136.938] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f3d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.938] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0136.938] IUnknown:AddRef (This=0x833358) returned 0x3 [0136.938] IEnumWbemClassObject:Clone (in: This=0x833358, ppEnum=0x19f3d8 | out: ppEnum=0x19f3d8*=0x833420) returned 0x0 [0136.983] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x833424) returned 0x0 [0136.983] IClientSecurity:QueryBlanket (in: This=0x833424, pProxy=0x833420, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0 [0136.983] IUnknown:Release (This=0x833424) returned 0x1 [0136.983] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x7fa330) returned 0x0 [0136.984] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x833424) returned 0x0 [0136.984] IClientSecurity:SetBlanket (This=0x833424, pProxy=0x833420, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0137.269] IUnknown:Release (This=0x833424) returned 0x2 [0137.269] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x1 [0137.270] CoTaskMemFree (pv=0x83dd40) [0137.270] IUnknown:QueryInterface (in: This=0x833420, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee78 | out: ppvObject=0x19ee78*=0x7fa330) returned 0x0 [0137.270] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x0) returned 0x80004002 [0137.495] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x0) returned 0x80004002 [0137.579] IUnknown:QueryInterface (in: This=0x833420, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea2c | out: ppvObject=0x19ea2c*=0x0) returned 0x80004002 [0137.621] WbemLocator:IUnknown:AddRef (This=0x7fa330) returned 0x3 [0137.621] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0137.621] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0137.621] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x7fa28c) returned 0x0 [0137.621] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7fa28c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.621] WbemLocator:IUnknown:Release (This=0x7fa28c) returned 0x3 [0137.621] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0 [0137.621] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0 [0137.621] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec48 | out: ppvObject=0x19ec48*=0x7fa314) returned 0x0 [0137.621] WbemLocator:IRpcOptions:Query (in: This=0x7fa314, pPrx=0x7fa330, dwProperty=2, pdwValue=0x19ec70 | out: pdwValue=0x19ec70) returned 0x80004002 [0137.621] WbemLocator:IUnknown:Release (This=0x7fa314) returned 0x3 [0137.621] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x2 [0137.621] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0 [0137.621] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0137.621] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x19f1b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x833420) returned 0x0 [0137.622] IUnknown:AddRef (This=0x833420) returned 0x4 [0137.622] IUnknown:Release (This=0x833420) returned 0x3 [0137.622] IUnknown:Release (This=0x833420) returned 0x2 [0137.622] IUnknown:Release (This=0x833358) returned 0x2 [0137.622] SysStringLen (param_1=0x0) returned 0x0 [0137.622] IEnumWbemClassObject:Reset (This=0x833420) returned 0x0 [0137.665] CoTaskMemAlloc (cb=0x4) returned 0x835b70 [0137.665] IEnumWbemClassObject:Next (in: This=0x833420, lTimeout=-1, uCount=0x1, apObjects=0x835b70, puReturned=0x22d736c | out: apObjects=0x835b70*=0x848b48, puReturned=0x22d736c*=0x1) returned 0x0 [0139.281] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x848b48) returned 0x0 [0139.281] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0139.281] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0139.281] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0139.282] IUnknown:AddRef (This=0x848b48) returned 0x3 [0139.282] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0139.282] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0139.282] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x848b4c) returned 0x0 [0139.282] IMarshal:GetUnmarshalClass (in: This=0x848b4c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.282] IUnknown:Release (This=0x848b4c) returned 0x3 [0139.282] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0139.282] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0139.282] IUnknown:QueryInterface (in: This=0x848b48, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0139.282] IUnknown:Release (This=0x848b48) returned 0x2 [0139.282] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0139.282] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0139.282] IUnknown:QueryInterface (in: This=0x848b48, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x848b48) returned 0x0 [0139.282] IUnknown:AddRef (This=0x848b48) returned 0x4 [0139.282] IUnknown:Release (This=0x848b48) returned 0x3 [0139.282] IUnknown:Release (This=0x848b48) returned 0x2 [0139.283] CoTaskMemFree (pv=0x835b70) [0139.283] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0139.283] IUnknown:AddRef (This=0x848b48) returned 0x3 [0139.283] IWbemClassObject:Get (in: This=0x848b48, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0139.283] IWbemClassObject:Get (in: This=0x848b48, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0139.283] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0139.283] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0139.283] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x460 [0139.283] SetEvent (hEvent=0x3e0) returned 1 [0139.284] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x460, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0139.286] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0139.286] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.286] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x81dff8) returned 0x0 [0139.286] WbemDefPath:IUnknown:AddRef (This=0x81dff8) returned 0x3 [0139.286] WbemDefPath:IUnknown:Release (This=0x81dff8) returned 0x2 [0139.286] WbemDefPath:IWbemPath:SetText (This=0x81dff8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x19f3e4 | out: puCount=0x19f3e4*=0x2) returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f3e0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e0*=0xf, pszText=0x0) returned 0x0 [0139.286] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=4, puBuffLength=0x19f3e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.289] IWbemClassObject:Get (in: This=0x848b48, wszName="processorID", lFlags=0, pVal=0x19f3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22d7c1c*=0, plFlavor=0x22d7c20*=0 | out: pVal=0x19f3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x22d7c1c*=8, plFlavor=0x22d7c20*=0) returned 0x0 [0139.289] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0139.289] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0139.289] IWbemClassObject:Get (in: This=0x848b48, wszName="processorID", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22d7c1c*=8, plFlavor=0x22d7c20*=0 | out: pVal=0x19f3e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050657", varVal2=0x0), pType=0x22d7c1c*=8, plFlavor=0x22d7c20*=0) returned 0x0 [0139.289] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0139.289] SysStringByteLen (bstr="0F8BFBFF00050657") returned 0x20 [0139.290] CoTaskMemAlloc (cb=0x4) returned 0x835c10 [0139.290] IEnumWbemClassObject:Next (in: This=0x833420, lTimeout=-1, uCount=0x1, apObjects=0x835c10, puReturned=0x22d736c | out: apObjects=0x835c10*=0x0, puReturned=0x22d736c*=0x0) returned 0x1 [0139.291] CoTaskMemFree (pv=0x835c10) [0139.292] CoGetContextToken (in: pToken=0x19f300 | out: pToken=0x19f300) returned 0x0 [0139.292] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x1 [0139.292] IUnknown:Release (This=0x833420) returned 0x0 [0139.307] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464 [0139.307] SetEvent (hEvent=0x3e0) returned 1 [0139.307] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a8*=0x464, lpdwindex=0x19f1c4 | out: lpdwindex=0x19f1c4) returned 0x0 [0139.310] CoGetContextToken (in: pToken=0x19f278 | out: pToken=0x19f278) returned 0x0 [0139.310] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0139.310] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x19f2a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x81e1b8) returned 0x0 [0139.310] WbemDefPath:IUnknown:AddRef (This=0x81e1b8) returned 0x3 [0139.310] WbemDefPath:IUnknown:Release (This=0x81e1b8) returned 0x2 [0139.310] WbemDefPath:IWbemPath:SetText (This=0x81e1b8, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e1b8, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f424*=0x0, pszText=0x0 | out: puBuffLength=0x19f424*=0x22, pszText=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f424*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f424*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetInfo (in: This=0x81e1b8, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e1b8, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetInfo (in: This=0x81e1b8, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e1b8, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x22, pszText=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f414*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f414*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e1b8, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x22, pszText=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f414*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f414*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e1b8, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x0) returned 0x0 [0139.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e298, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0139.311] WbemDefPath:IWbemPath:GetText (in: This=0x81e298, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0139.311] WbemDefPath:IWbemPath:GetText (in: This=0x81e298, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.311] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468 [0139.311] SetEvent (hEvent=0x3e0) returned 1 [0139.311] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2f0*=0x468, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0139.312] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0139.313] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0139.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x19f1f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x81e378) returned 0x0 [0139.313] WbemDefPath:IUnknown:AddRef (This=0x81e378) returned 0x3 [0139.313] WbemDefPath:IUnknown:Release (This=0x81e378) returned 0x2 [0139.313] WbemDefPath:IWbemPath:SetText (This=0x81e378, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0139.313] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f36c | out: puCount=0x19f36c*=0x2) returned 0x0 [0139.313] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f368*=0x0, pszText=0x0 | out: puBuffLength=0x19f368*=0xf, pszText=0x0) returned 0x0 [0139.313] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f368*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f368*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.319] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f28c*=0x47c, lpdwindex=0x19f13c | out: lpdwindex=0x19f13c) returned 0x0 [0139.331] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0139.331] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0139.331] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d6b8724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x7e0168) returned 0x0 [0139.331] CObjectContext::ContextCallback () returned 0x0 [0139.332] IUnknown:Release (This=0x7e0168) returned 0x1 [0139.333] CoUnmarshalInterface (in: pStm=0x81a950, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f078 | out: ppv=0x19f078*=0x7fa330) returned 0x0 [0139.333] CoMarshalInterface (pStm=0x81a950, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fa330, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0139.333] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef1c | out: ppvObject=0x19ef1c*=0x7fa330) returned 0x0 [0139.333] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eed8 | out: ppvObject=0x19eed8*=0x0) returned 0x80004002 [0139.333] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x0) returned 0x80004002 [0139.334] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eacc | out: ppvObject=0x19eacc*=0x0) returned 0x80004002 [0139.334] WbemLocator:IUnknown:AddRef (This=0x7fa330) returned 0x3 [0139.334] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x0) returned 0x80004002 [0139.334] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0139.334] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x7fa28c) returned 0x0 [0139.334] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7fa28c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7f8 | out: pCid=0x19e7f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.334] WbemLocator:IUnknown:Release (This=0x7fa28c) returned 0x3 [0139.334] CoGetContextToken (in: pToken=0x19e850 | out: pToken=0x19e850) returned 0x0 [0139.334] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0139.334] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ece8 | out: ppvObject=0x19ece8*=0x7fa314) returned 0x0 [0139.335] WbemLocator:IRpcOptions:Query (in: This=0x7fa314, pPrx=0x7fa330, dwProperty=2, pdwValue=0x19ed10 | out: pdwValue=0x19ed10) returned 0x0 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa314) returned 0x3 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x2 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x1 [0139.335] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0139.335] WbemLocator:IUnknown:AddRef (This=0x7fa330) returned 0x2 [0139.335] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x7fa30c) returned 0x0 [0139.335] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa30c, pProxy=0x7fa330, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x2 [0139.335] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x7fa330) returned 0x0 [0139.335] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x7fa30c) returned 0x0 [0139.335] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa30c, pProxy=0x7fa330, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x3 [0139.335] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x2 [0139.335] CoTaskMemFree (pv=0x83dbf0) [0139.335] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x1 [0139.335] SysStringLen (param_1=0x0) returned 0x0 [0139.336] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0139.336] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.336] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x19f268*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x84a270) returned 0x0 [0139.336] WbemLocator:IUnknown:AddRef (This=0x84a270) returned 0x3 [0139.336] WbemLocator:IUnknown:Release (This=0x84a270) returned 0x2 [0139.336] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0139.336] WbemLocator:IUnknown:AddRef (This=0x84a270) returned 0x3 [0139.336] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x7fa30c) returned 0x0 [0139.336] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa30c, pProxy=0x84a270, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0139.336] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x3 [0139.336] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x7fa330) returned 0x0 [0139.336] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x7fa30c) returned 0x0 [0139.336] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa30c, pProxy=0x84a270, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.337] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x4 [0139.337] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x3 [0139.337] CoTaskMemFree (pv=0x83dbc0) [0139.337] WbemLocator:IUnknown:Release (This=0x84a270) returned 0x2 [0139.337] SysStringLen (param_1=0x0) returned 0x0 [0139.337] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f390 | out: puCount=0x19f390*=0x2) returned 0x0 [0139.337] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f38c*=0x0, pszText=0x0 | out: puBuffLength=0x19f38c*=0xf, pszText=0x0) returned 0x0 [0139.337] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f38c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f38c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.337] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0139.337] CoUnmarshalInterface (in: pStm=0x81a950, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff0 | out: ppv=0x19eff0*=0x7fa330) returned 0x0 [0139.337] CoMarshalInterface (pStm=0x81a950, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fa330, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0139.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x7fa330) returned 0x0 [0139.338] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x3 [0139.338] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x2 [0139.338] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0139.338] WbemLocator:IUnknown:AddRef (This=0x7fa330) returned 0x3 [0139.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x7fa30c) returned 0x0 [0139.338] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa30c, pProxy=0x7fa330, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0139.338] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x3 [0139.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x7fa330) returned 0x0 [0139.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa330, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x7fa30c) returned 0x0 [0139.338] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa30c, pProxy=0x7fa330, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.338] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x4 [0139.338] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x3 [0139.339] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x2 [0139.339] SysStringLen (param_1=0x0) returned 0x0 [0139.339] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.339] WbemLocator:IUnknown:AddRef (This=0x84a270) returned 0x3 [0139.339] WbemLocator:IUnknown:Release (This=0x84a270) returned 0x2 [0139.339] CoGetContextToken (in: pToken=0x19f170 | out: pToken=0x19f170) returned 0x0 [0139.339] WbemLocator:IUnknown:AddRef (This=0x84a270) returned 0x3 [0139.339] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x7fa30c) returned 0x0 [0139.339] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa30c, pProxy=0x84a270, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0139.339] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x3 [0139.339] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x7fa330) returned 0x0 [0139.339] WbemLocator:IUnknown:QueryInterface (in: This=0x84a270, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x7fa30c) returned 0x0 [0139.339] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa30c, pProxy=0x84a270, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.339] WbemLocator:IUnknown:Release (This=0x7fa30c) returned 0x4 [0139.339] WbemLocator:IUnknown:Release (This=0x7fa330) returned 0x3 [0139.340] WbemLocator:IUnknown:Release (This=0x84a270) returned 0x2 [0139.340] SysStringLen (param_1=0x0) returned 0x0 [0139.340] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0x22, pszText=0x0) returned 0x0 [0139.340] WbemDefPath:IWbemPath:GetText (in: This=0x81e1b8, lFlags=2, puBuffLength=0x19f394*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f394*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0139.340] IWbemServices:GetObject (in: This=0x84a270, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x19f348*=0x0, ppCallResult=0x0 | out: ppObject=0x19f348*=0x84b0a8, ppCallResult=0x0) returned 0x0 [0139.357] IWbemClassObject:Get (in: This=0x84b0a8, wszName="__PATH", lFlags=0, pVal=0x19f330*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f330*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f3d8*=8, plFlavor=0x19f3d4*=64) returned 0x0 [0139.357] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0139.357] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0139.357] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480 [0139.357] SetEvent (hEvent=0x3e0) returned 1 [0139.357] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2ec*=0x480, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0139.359] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0139.359] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x81e5a8) returned 0x0 [0139.359] WbemDefPath:IUnknown:AddRef (This=0x81e5a8) returned 0x3 [0139.359] WbemDefPath:IUnknown:Release (This=0x81e5a8) returned 0x2 [0139.360] WbemDefPath:IWbemPath:SetText (This=0x81e5a8, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0139.360] IWbemClassObject:Get (in: This=0x84b0a8, wszName="__CLASS", lFlags=0, pVal=0x19f3a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f420*=0, plFlavor=0x19f41c*=0 | out: pVal=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f420*=8, plFlavor=0x19f41c*=64) returned 0x0 [0139.360] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0139.360] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0139.360] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0139.360] WbemLocator:IUnknown:AddRef (This=0x84a270) returned 0x3 [0139.360] IWbemServices:CreateInstanceEnum (in: This=0x84a270, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x19f39c | out: ppEnum=0x19f39c*=0x833420) returned 0x0 [0139.431] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x833424) returned 0x0 [0139.431] IClientSecurity:QueryBlanket (in: This=0x833424, pProxy=0x833420, pAuthnSvc=0x19f25c, pAuthzSvc=0x19f258, pServerPrincName=0x19f250, pAuthnLevel=0x19f254, pImpLevel=0x19f244, pAuthInfo=0x19f248, pCapabilites=0x19f24c | out: pAuthnSvc=0x19f25c*=0xa, pAuthzSvc=0x19f258*=0x0, pServerPrincName=0x19f250, pAuthnLevel=0x19f254*=0x6, pImpLevel=0x19f244*=0x2, pAuthInfo=0x19f248, pCapabilites=0x19f24c*=0x1) returned 0x0 [0139.431] IUnknown:Release (This=0x833424) returned 0x1 [0139.431] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x865188) returned 0x0 [0139.431] IUnknown:QueryInterface (in: This=0x833420, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x833424) returned 0x0 [0139.431] IClientSecurity:SetBlanket (This=0x833424, pProxy=0x833420, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.453] IUnknown:Release (This=0x833424) returned 0x2 [0139.453] WbemLocator:IUnknown:Release (This=0x865188) returned 0x1 [0139.453] CoTaskMemFree (pv=0x83def0) [0139.453] IUnknown:QueryInterface (in: This=0x833420, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf4 | out: ppvObject=0x19edf4*=0x865188) returned 0x0 [0139.454] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb0 | out: ppvObject=0x19edb0*=0x0) returned 0x80004002 [0139.477] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x0) returned 0x80004002 [0139.485] IUnknown:QueryInterface (in: This=0x833420, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9a4 | out: ppvObject=0x19e9a4*=0x0) returned 0x80004002 [0139.493] WbemLocator:IUnknown:AddRef (This=0x865188) returned 0x3 [0139.493] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0139.493] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0139.493] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x8650e4) returned 0x0 [0139.493] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x8650e4, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.493] WbemLocator:IUnknown:Release (This=0x8650e4) returned 0x3 [0139.493] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0139.493] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0139.493] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebc0 | out: ppvObject=0x19ebc0*=0x86516c) returned 0x0 [0139.493] WbemLocator:IRpcOptions:Query (in: This=0x86516c, pPrx=0x865188, dwProperty=2, pdwValue=0x19ebe8 | out: pdwValue=0x19ebe8) returned 0x80004002 [0139.493] WbemLocator:IUnknown:Release (This=0x86516c) returned 0x3 [0139.493] WbemLocator:IUnknown:Release (This=0x865188) returned 0x2 [0139.493] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0139.493] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0139.493] WbemLocator:IUnknown:QueryInterface (in: This=0x865188, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x833420) returned 0x0 [0139.494] IUnknown:AddRef (This=0x833420) returned 0x4 [0139.494] IUnknown:Release (This=0x833420) returned 0x3 [0139.494] IUnknown:Release (This=0x833420) returned 0x2 [0139.494] WbemLocator:IUnknown:Release (This=0x84a270) returned 0x2 [0139.494] SysStringLen (param_1=0x0) returned 0x0 [0139.494] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f3d8 | out: puCount=0x19f3d8*=0x2) returned 0x0 [0139.494] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3d4*=0xf, pszText=0x0) returned 0x0 [0139.494] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.494] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0139.494] IUnknown:AddRef (This=0x833420) returned 0x3 [0139.494] IEnumWbemClassObject:Clone (in: This=0x833420, ppEnum=0x19f3d8 | out: ppEnum=0x19f3d8*=0x834168) returned 0x0 [0139.497] IUnknown:QueryInterface (in: This=0x834168, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x83416c) returned 0x0 [0139.497] IClientSecurity:QueryBlanket (in: This=0x83416c, pProxy=0x834168, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0 [0139.497] IUnknown:Release (This=0x83416c) returned 0x1 [0139.497] IUnknown:QueryInterface (in: This=0x834168, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x864988) returned 0x0 [0139.497] IUnknown:QueryInterface (in: This=0x834168, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x83416c) returned 0x0 [0139.497] IClientSecurity:SetBlanket (This=0x83416c, pProxy=0x834168, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.501] IUnknown:Release (This=0x83416c) returned 0x2 [0139.501] WbemLocator:IUnknown:Release (This=0x864988) returned 0x1 [0139.501] CoTaskMemFree (pv=0x83db60) [0139.501] IUnknown:QueryInterface (in: This=0x834168, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee78 | out: ppvObject=0x19ee78*=0x864988) returned 0x0 [0139.501] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x0) returned 0x80004002 [0139.502] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x0) returned 0x80004002 [0139.503] IUnknown:QueryInterface (in: This=0x834168, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea2c | out: ppvObject=0x19ea2c*=0x0) returned 0x80004002 [0139.504] WbemLocator:IUnknown:AddRef (This=0x864988) returned 0x3 [0139.504] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0139.504] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0139.504] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x8648e4) returned 0x0 [0139.504] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x8648e4, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.504] WbemLocator:IUnknown:Release (This=0x8648e4) returned 0x3 [0139.504] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0 [0139.505] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0 [0139.505] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec48 | out: ppvObject=0x19ec48*=0x86496c) returned 0x0 [0139.505] WbemLocator:IRpcOptions:Query (in: This=0x86496c, pPrx=0x864988, dwProperty=2, pdwValue=0x19ec70 | out: pdwValue=0x19ec70) returned 0x80004002 [0139.505] WbemLocator:IUnknown:Release (This=0x86496c) returned 0x3 [0139.505] WbemLocator:IUnknown:Release (This=0x864988) returned 0x2 [0139.505] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0 [0139.505] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0139.505] WbemLocator:IUnknown:QueryInterface (in: This=0x864988, riid=0x19f1b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x834168) returned 0x0 [0139.505] IUnknown:AddRef (This=0x834168) returned 0x4 [0139.505] IUnknown:Release (This=0x834168) returned 0x3 [0139.505] IUnknown:Release (This=0x834168) returned 0x2 [0139.505] IUnknown:Release (This=0x833420) returned 0x2 [0139.505] SysStringLen (param_1=0x0) returned 0x0 [0139.505] IEnumWbemClassObject:Reset (This=0x834168) returned 0x0 [0139.506] CoTaskMemAlloc (cb=0x4) returned 0x835d60 [0139.506] IEnumWbemClassObject:Next (in: This=0x834168, lTimeout=-1, uCount=0x1, apObjects=0x835d60, puReturned=0x22d9874 | out: apObjects=0x835d60*=0x84c970, puReturned=0x22d9874*=0x1) returned 0x0 [0139.513] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x84c970) returned 0x0 [0139.513] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0139.513] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0139.513] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0139.514] IUnknown:AddRef (This=0x84c970) returned 0x3 [0139.514] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0139.514] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0139.514] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x84c974) returned 0x0 [0139.514] IMarshal:GetUnmarshalClass (in: This=0x84c974, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.514] IUnknown:Release (This=0x84c974) returned 0x3 [0139.514] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0139.514] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0139.514] IUnknown:QueryInterface (in: This=0x84c970, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0139.514] IUnknown:Release (This=0x84c970) returned 0x2 [0139.514] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0139.514] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0139.514] IUnknown:QueryInterface (in: This=0x84c970, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x84c970) returned 0x0 [0139.514] IUnknown:AddRef (This=0x84c970) returned 0x4 [0139.514] IUnknown:Release (This=0x84c970) returned 0x3 [0139.514] IUnknown:Release (This=0x84c970) returned 0x2 [0139.514] CoTaskMemFree (pv=0x835d60) [0139.514] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0139.514] IUnknown:AddRef (This=0x84c970) returned 0x3 [0139.514] IWbemClassObject:Get (in: This=0x84c970, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0139.515] IWbemClassObject:Get (in: This=0x84c970, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0139.515] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0139.515] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0139.515] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484 [0139.515] SetEvent (hEvent=0x3e0) returned 1 [0139.515] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x484, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0139.517] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0139.517] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x81e458) returned 0x0 [0139.517] WbemDefPath:IUnknown:AddRef (This=0x81e458) returned 0x3 [0139.517] WbemDefPath:IUnknown:Release (This=0x81e458) returned 0x2 [0139.517] WbemDefPath:IWbemPath:SetText (This=0x81e458, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0139.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0139.517] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0139.517] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0139.520] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.520] IWbemClassObject:Get (in: This=0x84c970, wszName="IPEnabled", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22da10c*=0, plFlavor=0x22da110*=0 | out: pVal=0x19f3cc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22da10c*=11, plFlavor=0x22da110*=0) returned 0x0 [0139.520] IWbemClassObject:Get (in: This=0x84c970, wszName="IPEnabled", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22da10c*=11, plFlavor=0x22da110*=0 | out: pVal=0x19f3d4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22da10c*=11, plFlavor=0x22da110*=0) returned 0x0 [0139.536] IUnknown:Release (This=0x84c970) returned 0x2 [0139.537] CoTaskMemAlloc (cb=0x4) returned 0x835ee0 [0139.537] IEnumWbemClassObject:Next (in: This=0x834168, lTimeout=-1, uCount=0x1, apObjects=0x835ee0, puReturned=0x22d9874 | out: apObjects=0x835ee0*=0x84cca0, puReturned=0x22d9874*=0x1) returned 0x0 [0139.540] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x84cca0) returned 0x0 [0139.540] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0139.540] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0139.540] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0139.540] IUnknown:AddRef (This=0x84cca0) returned 0x3 [0139.541] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0139.541] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0139.541] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x84cca4) returned 0x0 [0139.541] IMarshal:GetUnmarshalClass (in: This=0x84cca4, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.541] IUnknown:Release (This=0x84cca4) returned 0x3 [0139.541] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0139.541] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0139.541] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0139.541] IUnknown:Release (This=0x84cca0) returned 0x2 [0139.541] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0139.541] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0139.541] IUnknown:QueryInterface (in: This=0x84cca0, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x84cca0) returned 0x0 [0139.541] IUnknown:AddRef (This=0x84cca0) returned 0x4 [0139.541] IUnknown:Release (This=0x84cca0) returned 0x3 [0139.541] IUnknown:Release (This=0x84cca0) returned 0x2 [0139.541] CoTaskMemFree (pv=0x835ee0) [0139.541] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0139.541] IUnknown:AddRef (This=0x84cca0) returned 0x3 [0139.541] IWbemClassObject:Get (in: This=0x84cca0, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0139.541] IWbemClassObject:Get (in: This=0x84cca0, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0139.541] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0139.541] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0139.541] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488 [0139.542] SetEvent (hEvent=0x3e0) returned 1 [0139.542] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x488, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0139.544] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0139.544] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x81e4c8) returned 0x0 [0139.544] WbemDefPath:IUnknown:AddRef (This=0x81e4c8) returned 0x3 [0139.544] WbemDefPath:IUnknown:Release (This=0x81e4c8) returned 0x2 [0139.544] WbemDefPath:IWbemPath:SetText (This=0x81e4c8, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0139.544] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.544] IWbemClassObject:Get (in: This=0x84cca0, wszName="IPEnabled", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22dabc8*=0, plFlavor=0x22dabcc*=0 | out: pVal=0x19f3cc*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22dabc8*=11, plFlavor=0x22dabcc*=0) returned 0x0 [0139.544] IWbemClassObject:Get (in: This=0x84cca0, wszName="IPEnabled", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22dabc8*=11, plFlavor=0x22dabcc*=0 | out: pVal=0x19f3d4*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22dabc8*=11, plFlavor=0x22dabcc*=0) returned 0x0 [0139.546] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x2) returned 0x0 [0139.546] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3cc*=0xf, pszText=0x0) returned 0x0 [0139.546] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f3cc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.546] IWbemClassObject:Get (in: This=0x84cca0, wszName="MacAddress", lFlags=0, pVal=0x19f3cc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22dac64*=0, plFlavor=0x22dac68*=0 | out: pVal=0x19f3cc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:9B:EA:EA:1E", varVal2=0x0), pType=0x22dac64*=8, plFlavor=0x22dac68*=0) returned 0x0 [0139.547] SysStringByteLen (bstr="00:30:9B:EA:EA:1E") returned 0x22 [0139.547] SysStringByteLen (bstr="00:30:9B:EA:EA:1E") returned 0x22 [0139.547] IWbemClassObject:Get (in: This=0x84cca0, wszName="MacAddress", lFlags=0, pVal=0x19f3d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22dac64*=8, plFlavor=0x22dac68*=0 | out: pVal=0x19f3d4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:30:9B:EA:EA:1E", varVal2=0x0), pType=0x22dac64*=8, plFlavor=0x22dac68*=0) returned 0x0 [0139.547] SysStringByteLen (bstr="00:30:9B:EA:EA:1E") returned 0x22 [0139.547] SysStringByteLen (bstr="00:30:9B:EA:EA:1E") returned 0x22 [0139.547] IUnknown:Release (This=0x84cca0) returned 0x2 [0139.547] CoTaskMemAlloc (cb=0x4) returned 0x835e60 [0139.547] IEnumWbemClassObject:Next (in: This=0x834168, lTimeout=-1, uCount=0x1, apObjects=0x835e60, puReturned=0x22d9874 | out: apObjects=0x835e60*=0x84efe0, puReturned=0x22d9874*=0x1) returned 0x0 [0139.549] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x84efe0) returned 0x0 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0139.550] IUnknown:AddRef (This=0x84efe0) returned 0x3 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x84efe4) returned 0x0 [0139.550] IMarshal:GetUnmarshalClass (in: This=0x84efe4, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.550] IUnknown:Release (This=0x84efe4) returned 0x3 [0139.550] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0139.550] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0139.550] IUnknown:Release (This=0x84efe0) returned 0x2 [0139.550] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0139.550] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0139.550] IUnknown:QueryInterface (in: This=0x84efe0, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x84efe0) returned 0x0 [0139.550] IUnknown:AddRef (This=0x84efe0) returned 0x4 [0139.550] IUnknown:Release (This=0x84efe0) returned 0x3 [0139.550] IUnknown:Release (This=0x84efe0) returned 0x2 [0139.550] CoTaskMemFree (pv=0x835e60) [0139.550] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0139.550] IUnknown:AddRef (This=0x84efe0) returned 0x3 [0139.550] IWbemClassObject:Get (in: This=0x84efe0, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0139.551] IWbemClassObject:Get (in: This=0x84efe0, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0139.551] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0139.551] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0139.551] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x494 [0139.551] SetEvent (hEvent=0x3e0) returned 1 [0139.551] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x494, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0139.553] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0139.553] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.553] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x873df0) returned 0x0 [0139.553] WbemDefPath:IUnknown:AddRef (This=0x873df0) returned 0x3 [0139.553] WbemDefPath:IUnknown:Release (This=0x873df0) returned 0x2 [0139.553] WbemDefPath:IWbemPath:SetText (This=0x873df0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0139.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0139.553] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0139.553] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.553] CoTaskMemAlloc (cb=0x4) returned 0x835d60 [0139.553] IEnumWbemClassObject:Next (in: This=0x834168, lTimeout=-1, uCount=0x1, apObjects=0x835d60, puReturned=0x22d9874 | out: apObjects=0x835d60*=0x84e0c0, puReturned=0x22d9874*=0x1) returned 0x0 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea38 | out: ppvObject=0x19ea38*=0x84e0c0) returned 0x0 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e9f4 | out: ppvObject=0x19e9f4*=0x0) returned 0x80004002 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x0) returned 0x80004002 [0139.556] IUnknown:AddRef (This=0x84e0c0) returned 0x3 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e354 | out: ppvObject=0x19e354*=0x0) returned 0x80004002 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e304 | out: ppvObject=0x19e304*=0x0) returned 0x80004002 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e310 | out: ppvObject=0x19e310*=0x84e0c4) returned 0x0 [0139.556] IMarshal:GetUnmarshalClass (in: This=0x84e0c4, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e318 | out: pCid=0x19e318*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0139.556] IUnknown:Release (This=0x84e0c4) returned 0x3 [0139.556] CoGetContextToken (in: pToken=0x19e370 | out: pToken=0x19e370) returned 0x0 [0139.556] CoGetContextToken (in: pToken=0x19e778 | out: pToken=0x19e778) returned 0x0 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x0) returned 0x80004002 [0139.556] IUnknown:Release (This=0x84e0c0) returned 0x2 [0139.556] CoGetContextToken (in: pToken=0x19ed48 | out: pToken=0x19ed48) returned 0x0 [0139.556] CoGetContextToken (in: pToken=0x19eca8 | out: pToken=0x19eca8) returned 0x0 [0139.556] IUnknown:QueryInterface (in: This=0x84e0c0, riid=0x19ed78*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed74 | out: ppvObject=0x19ed74*=0x84e0c0) returned 0x0 [0139.556] IUnknown:AddRef (This=0x84e0c0) returned 0x4 [0139.557] IUnknown:Release (This=0x84e0c0) returned 0x3 [0139.557] IUnknown:Release (This=0x84e0c0) returned 0x2 [0139.557] CoTaskMemFree (pv=0x835d60) [0139.557] CoGetContextToken (in: pToken=0x19f0b8 | out: pToken=0x19f0b8) returned 0x0 [0139.557] IUnknown:AddRef (This=0x84e0c0) returned 0x3 [0139.557] IWbemClassObject:Get (in: This=0x84e0c0, wszName="__GENUS", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f448*=0, plFlavor=0x19f444*=0 | out: pVal=0x19f3c8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f448*=3, plFlavor=0x19f444*=64) returned 0x0 [0139.557] IWbemClassObject:Get (in: This=0x84e0c0, wszName="__PATH", lFlags=0, pVal=0x19f3ac*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f430*=0, plFlavor=0x19f42c*=0 | out: pVal=0x19f3ac*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x19f430*=8, plFlavor=0x19f42c*=64) returned 0x0 [0139.557] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0139.557] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0139.557] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x498 [0139.557] SetEvent (hEvent=0x3e0) returned 1 [0139.557] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f384*=0x498, lpdwindex=0x19f1a4 | out: lpdwindex=0x19f1a4) returned 0x0 [0139.559] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0139.559] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0139.559] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x19f280*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f27c | out: ppvObject=0x19f27c*=0x874020) returned 0x0 [0139.559] WbemDefPath:IUnknown:AddRef (This=0x874020) returned 0x3 [0139.559] WbemDefPath:IUnknown:Release (This=0x874020) returned 0x2 [0139.559] WbemDefPath:IWbemPath:SetText (This=0x874020, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0139.559] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x19f404 | out: puCount=0x19f404*=0x2) returned 0x0 [0139.559] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0x0, pszText=0x0 | out: puBuffLength=0x19f400*=0xf, pszText=0x0) returned 0x0 [0139.559] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=4, puBuffLength=0x19f400*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f400*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.559] CoTaskMemAlloc (cb=0x4) returned 0x835e80 [0139.559] IEnumWbemClassObject:Next (in: This=0x834168, lTimeout=-1, uCount=0x1, apObjects=0x835e80, puReturned=0x22d9874 | out: apObjects=0x835e80*=0x0, puReturned=0x22d9874*=0x0) returned 0x1 [0139.560] CoTaskMemFree (pv=0x835e80) [0139.561] CoGetContextToken (in: pToken=0x19f300 | out: pToken=0x19f300) returned 0x0 [0139.561] WbemLocator:IUnknown:Release (This=0x864988) returned 0x1 [0139.561] IUnknown:Release (This=0x834168) returned 0x0 [0139.587] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", nBufferLength=0x105, lpBuffer=0x19ef1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpFilePart=0x0) returned 0x62 [0139.590] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19f338, nSize=0x80 | out: lpBuffer="") returned 0x25 [0139.598] GetUserNameW (in: lpBuffer=0x19f238, pcbBuffer=0x22dca28 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x22dca28) returned 1 [0139.603] GetComputerNameW (in: lpBuffer=0x19f238, nSize=0x22dcea4 | out: lpBuffer="XC64ZB", nSize=0x22dcea4) returned 1 [0139.608] EtwEventRegister (in: ProviderId=0x22dd44c, EnableCallback=0x4780c6e, CallbackContext=0x0, RegHandle=0x22dd428 | out: RegHandle=0x22dd428) returned 0x0 [0139.610] EtwEventSetInformation (RegHandle=0x80d258, InformationClass=0x47, EventInformation=0x2, InformationLength=0x22dd3ec) returned 0x0 [0139.610] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3fc | out: UnbiasedTime=0x19f3fc) returned 1 [0139.615] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3ec | out: UnbiasedTime=0x19f3ec) returned 1 [0139.616] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f41c | out: UnbiasedTime=0x19f41c) returned 1 [0139.616] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f40c | out: UnbiasedTime=0x19f40c) returned 1 [0148.640] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19f338, nSize=0x80 | out: lpBuffer="") returned 0x25 [0148.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\", nBufferLength=0x105, lpBuffer=0x19ef94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\", lpFilePart=0x0) returned 0x2e [0148.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3f0) returned 1 [0148.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc"), fInfoLevelId=0x0, lpFileInformation=0x19f46c | out: lpFileInformation=0x19f46c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f3ec) returned 1 [0148.644] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19f338, nSize=0x80 | out: lpBuffer="") returned 0x25 [0148.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\", nBufferLength=0x105, lpBuffer=0x19ef98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\", lpFilePart=0x0) returned 0x2e [0148.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f380) returned 1 [0148.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc"), fInfoLevelId=0x0, lpFileInformation=0x19f3fc | out: lpFileInformation=0x19f3fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f37c) returned 1 [0148.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f380) returned 1 [0148.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc"), fInfoLevelId=0x0, lpFileInformation=0x19f3fc | out: lpFileInformation=0x19f3fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f37c) returned 1 [0148.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f380) returned 1 [0148.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19f3fc | out: lpFileInformation=0x19f3fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x41aef6ad, ftLastAccessTime.dwHighDateTime=0x1d7b3d4, ftLastWriteTime.dwLowDateTime=0x41aef6ad, ftLastWriteTime.dwHighDateTime=0x1d7b3d4, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0148.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f37c) returned 1 [0148.647] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc"), lpSecurityAttributes=0x0) returned 1 [0148.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", nBufferLength=0x105, lpBuffer=0x19ef9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpFilePart=0x0) returned 0x39 [0148.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3fc) returned 1 [0148.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f478 | out: lpFileInformation=0x19f478*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f3f8) returned 1 [0148.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", nBufferLength=0x105, lpBuffer=0x19ef9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpFilePart=0x0) returned 0x62 [0148.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3fc) returned 1 [0148.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f478 | out: lpFileInformation=0x19f478*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4ef300, ftCreationTime.dwHighDateTime=0x1d7b3d3, ftLastAccessTime.dwLowDateTime=0xfde78980, ftLastAccessTime.dwHighDateTime=0x1d7b3d3, ftLastWriteTime.dwLowDateTime=0x3763c900, ftLastWriteTime.dwHighDateTime=0x1d7b3c3, nFileSizeHigh=0x0, nFileSizeLow=0xb4200)) returned 1 [0148.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f3f8) returned 1 [0148.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", nBufferLength=0x105, lpBuffer=0x19ef9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpFilePart=0x0) returned 0x39 [0148.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3fc) returned 1 [0148.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f478 | out: lpFileInformation=0x19f478*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f3f8) returned 1 [0148.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", nBufferLength=0x105, lpBuffer=0x19ef4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe", lpFilePart=0x0) returned 0x62 [0148.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", nBufferLength=0x105, lpBuffer=0x19ef4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpFilePart=0x0) returned 0x39 [0148.649] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe"), bFailIfExists=0) returned 1 [0148.703] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19f468 | out: phkResult=0x19f468*=0x4e0) returned 0x0 [0148.707] RegQueryValueExW (in: hKey=0x4e0, lpValueName="kprUEGC", lpReserved=0x0, lpType=0x19f464, lpData=0x0, lpcbData=0x19f460*=0x0 | out: lpType=0x19f464*=0x0, lpData=0x0, lpcbData=0x19f460*=0x0) returned 0x2 [0148.707] RegSetValueExW (in: hKey=0x4e0, lpValueName="kprUEGC", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", cbData=0x74 | out: lpData="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe") returned 0x0 [0148.713] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19f468 | out: phkResult=0x19f468*=0x0) returned 0x2 [0148.716] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", nBufferLength=0x105, lpBuffer=0x19ef7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpFilePart=0x0) returned 0x39 [0148.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3dc) returned 1 [0148.716] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f458 | out: lpFileInformation=0x19f458*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x586707b0, ftCreationTime.dwHighDateTime=0x1d7b3d4, ftLastAccessTime.dwLowDateTime=0x586707b0, ftLastAccessTime.dwHighDateTime=0x1d7b3d4, ftLastWriteTime.dwLowDateTime=0x3763c900, ftLastWriteTime.dwHighDateTime=0x1d7b3c3, nFileSizeHigh=0x0, nFileSizeLow=0xb4200)) returned 1 [0148.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f3d8) returned 1 [0148.726] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe:Zone.Identifier" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe:zone.identifier")) returned 0 [0166.961] CoTaskMemAlloc (cb=0x20c) returned 0x815910 [0166.961] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x815910 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0166.965] CoTaskMemFree (pv=0x815910) [0166.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0166.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\drivers\\etc\\hosts", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\drivers\\etc\\hosts", lpFilePart=0x0) returned 0x25 [0166.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f330) returned 1 [0166.977] CreateFileW (lpFileName="C:\\Windows\\system32\\drivers\\etc\\hosts" (normalized: "c:\\windows\\system32\\drivers\\etc\\hosts"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4d8 [0166.979] GetFileType (hFile=0x4d8) returned 0x1 [0166.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f32c) returned 1 [0166.979] GetFileType (hFile=0x4d8) returned 0x1 [0166.980] SetFilePointer (in: hFile=0x4d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x19f304*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19f304*=0) returned 0x338 [0166.983] WriteFile (in: hFile=0x4d8, lpBuffer=0x22e1028*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x19f3e0, lpOverlapped=0x0 | out: lpBuffer=0x22e1028*, lpNumberOfBytesWritten=0x19f3e0*=0xb, lpOverlapped=0x0) returned 1 [0166.984] CloseHandle (hObject=0x4d8) returned 1 Thread: id = 17 os_tid = 0x968 Thread: id = 18 os_tid = 0xd28 Thread: id = 19 os_tid = 0x924 [0118.212] CoGetContextToken (in: pToken=0x432fc3c | out: pToken=0x432fc3c) returned 0x800401f0 [0118.213] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0118.213] RoInitialize () returned 0x1 [0118.213] RoUninitialize () returned 0x0 Thread: id = 24 os_tid = 0xc5c Thread: id = 25 os_tid = 0x1354 Thread: id = 26 os_tid = 0x1350 Thread: id = 130 os_tid = 0x1084 [0136.089] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0136.090] RoInitialize () returned 0x1 [0136.090] RoUninitialize () returned 0x0 [0136.109] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4eef5b4 | out: lpiid=0x4eef5b4) returned 0x0 [0136.110] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835be0) returned 0x0 [0136.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x835be0, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0136.111] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835be0, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81df18) returned 0x0 [0136.111] WbemDefPath:IUnknown:Release (This=0x835be0) returned 0x0 [0136.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81df18) returned 0x0 [0136.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0136.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0136.112] WbemDefPath:IUnknown:AddRef (This=0x81df18) returned 0x3 [0136.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0136.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0136.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x838438) returned 0x0 [0136.112] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x838438, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.112] WbemDefPath:IUnknown:Release (This=0x838438) returned 0x3 [0136.112] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0136.113] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0136.113] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df18, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0136.114] WbemDefPath:IUnknown:Release (This=0x81df18) returned 0x2 [0136.114] WbemDefPath:IUnknown:Release (This=0x81df18) returned 0x1 [0136.114] SetEvent (hEvent=0x3d0) returned 1 [0136.121] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835c60) returned 0x0 [0136.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x835c60, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0136.121] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835c60, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e298) returned 0x0 [0136.121] WbemDefPath:IUnknown:Release (This=0x835c60) returned 0x0 [0136.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e298) returned 0x0 [0136.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0136.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0136.122] WbemDefPath:IUnknown:AddRef (This=0x81e298) returned 0x3 [0136.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0136.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0136.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x838450) returned 0x0 [0136.122] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x838450, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.122] WbemDefPath:IUnknown:Release (This=0x838450) returned 0x3 [0136.122] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0136.122] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0136.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e298, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0136.122] WbemDefPath:IUnknown:Release (This=0x81e298) returned 0x2 [0136.122] WbemDefPath:IUnknown:Release (This=0x81e298) returned 0x1 [0136.122] SetEvent (hEvent=0x40c) returned 1 [0136.124] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835d30) returned 0x0 [0136.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x835d30, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0136.124] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835d30, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e228) returned 0x0 [0136.124] WbemDefPath:IUnknown:Release (This=0x835d30) returned 0x0 [0136.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e228) returned 0x0 [0136.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0136.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0136.125] WbemDefPath:IUnknown:AddRef (This=0x81e228) returned 0x3 [0136.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0136.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0136.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x838468) returned 0x0 [0136.126] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x838468, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.126] WbemDefPath:IUnknown:Release (This=0x838468) returned 0x3 [0136.126] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0136.126] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0136.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e228, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0136.126] WbemDefPath:IUnknown:Release (This=0x81e228) returned 0x2 [0136.126] WbemDefPath:IUnknown:Release (This=0x81e228) returned 0x1 [0136.126] SetEvent (hEvent=0x410) returned 1 [0136.779] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835bf0) returned 0x0 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x835bf0, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0136.779] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835bf0, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81df88) returned 0x0 [0136.779] WbemDefPath:IUnknown:Release (This=0x835bf0) returned 0x0 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81df88) returned 0x0 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0136.779] WbemDefPath:IUnknown:AddRef (This=0x81df88) returned 0x3 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0136.779] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x837fb8) returned 0x0 [0136.779] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x837fb8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.779] WbemDefPath:IUnknown:Release (This=0x837fb8) returned 0x3 [0136.779] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0136.780] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0136.780] WbemDefPath:IUnknown:QueryInterface (in: This=0x81df88, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0136.780] WbemDefPath:IUnknown:Release (This=0x81df88) returned 0x2 [0136.780] WbemDefPath:IUnknown:Release (This=0x81df88) returned 0x1 [0136.780] SetEvent (hEvent=0x45c) returned 1 [0139.285] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835d40) returned 0x0 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x835d40, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.285] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835d40, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81dff8) returned 0x0 [0139.285] WbemDefPath:IUnknown:Release (This=0x835d40) returned 0x0 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81dff8) returned 0x0 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.285] WbemDefPath:IUnknown:AddRef (This=0x81dff8) returned 0x3 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.285] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x838258) returned 0x0 [0139.286] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x838258, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.286] WbemDefPath:IUnknown:Release (This=0x838258) returned 0x3 [0139.286] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.286] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.286] WbemDefPath:IUnknown:QueryInterface (in: This=0x81dff8, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.286] WbemDefPath:IUnknown:Release (This=0x81dff8) returned 0x2 [0139.286] WbemDefPath:IUnknown:Release (This=0x81dff8) returned 0x1 [0139.286] SetEvent (hEvent=0x460) returned 1 [0139.309] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835b70) returned 0x0 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x835b70, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.309] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835b70, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e1b8) returned 0x0 [0139.309] WbemDefPath:IUnknown:Release (This=0x835b70) returned 0x0 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e1b8) returned 0x0 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.309] WbemDefPath:IUnknown:AddRef (This=0x81e1b8) returned 0x3 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84a4c0) returned 0x0 [0139.309] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84a4c0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.309] WbemDefPath:IUnknown:Release (This=0x84a4c0) returned 0x3 [0139.309] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.310] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.310] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e1b8, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.310] WbemDefPath:IUnknown:Release (This=0x81e1b8) returned 0x2 [0139.310] WbemDefPath:IUnknown:Release (This=0x81e1b8) returned 0x1 [0139.310] SetEvent (hEvent=0x464) returned 1 [0139.311] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835b70) returned 0x0 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x835b70, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835b70, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e378) returned 0x0 [0139.312] WbemDefPath:IUnknown:Release (This=0x835b70) returned 0x0 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e378) returned 0x0 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IUnknown:AddRef (This=0x81e378) returned 0x3 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84a400) returned 0x0 [0139.312] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84a400, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.312] WbemDefPath:IUnknown:Release (This=0x84a400) returned 0x3 [0139.312] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.312] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e378, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.312] WbemDefPath:IUnknown:Release (This=0x81e378) returned 0x2 [0139.312] WbemDefPath:IUnknown:Release (This=0x81e378) returned 0x1 [0139.312] SetEvent (hEvent=0x468) returned 1 [0139.358] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835c10) returned 0x0 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x835c10, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.358] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835c10, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e5a8) returned 0x0 [0139.358] WbemDefPath:IUnknown:Release (This=0x835c10) returned 0x0 [0139.358] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e5a8) returned 0x0 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.359] WbemDefPath:IUnknown:AddRef (This=0x81e5a8) returned 0x3 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84a6d0) returned 0x0 [0139.359] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84a6d0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.359] WbemDefPath:IUnknown:Release (This=0x84a6d0) returned 0x3 [0139.359] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.359] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.359] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e5a8, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.359] WbemDefPath:IUnknown:Release (This=0x81e5a8) returned 0x2 [0139.359] WbemDefPath:IUnknown:Release (This=0x81e5a8) returned 0x1 [0139.359] SetEvent (hEvent=0x480) returned 1 [0139.516] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835ef0) returned 0x0 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x835ef0, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.516] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835ef0, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e458) returned 0x0 [0139.516] WbemDefPath:IUnknown:Release (This=0x835ef0) returned 0x0 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e458) returned 0x0 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.516] WbemDefPath:IUnknown:AddRef (This=0x81e458) returned 0x3 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84a970) returned 0x0 [0139.517] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84a970, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.517] WbemDefPath:IUnknown:Release (This=0x84a970) returned 0x3 [0139.517] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.517] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e458, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.517] WbemDefPath:IUnknown:Release (This=0x81e458) returned 0x2 [0139.517] WbemDefPath:IUnknown:Release (This=0x81e458) returned 0x1 [0139.517] SetEvent (hEvent=0x484) returned 1 [0139.542] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835d80) returned 0x0 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x835d80, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835d80, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x81e4c8) returned 0x0 [0139.543] WbemDefPath:IUnknown:Release (This=0x835d80) returned 0x0 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x81e4c8) returned 0x0 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IUnknown:AddRef (This=0x81e4c8) returned 0x3 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84aaf0) returned 0x0 [0139.543] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84aaf0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.543] WbemDefPath:IUnknown:Release (This=0x84aaf0) returned 0x3 [0139.543] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.543] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.543] WbemDefPath:IUnknown:QueryInterface (in: This=0x81e4c8, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.543] WbemDefPath:IUnknown:Release (This=0x81e4c8) returned 0x2 [0139.543] WbemDefPath:IUnknown:Release (This=0x81e4c8) returned 0x1 [0139.543] SetEvent (hEvent=0x488) returned 1 [0139.551] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835e20) returned 0x0 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x835e20, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835e20, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x873df0) returned 0x0 [0139.552] WbemDefPath:IUnknown:Release (This=0x835e20) returned 0x0 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x873df0) returned 0x0 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IUnknown:AddRef (This=0x873df0) returned 0x3 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84eef8) returned 0x0 [0139.552] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84eef8, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.552] WbemDefPath:IUnknown:Release (This=0x84eef8) returned 0x3 [0139.552] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.552] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.552] WbemDefPath:IUnknown:QueryInterface (in: This=0x873df0, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.552] WbemDefPath:IUnknown:Release (This=0x873df0) returned 0x2 [0139.552] WbemDefPath:IUnknown:Release (This=0x873df0) returned 0x1 [0139.552] SetEvent (hEvent=0x494) returned 1 [0139.558] CoGetClassObject (in: rclsid=0x827b44*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x835de0) returned 0x0 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x835de0, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0139.558] WbemDefPath:IClassFactory:CreateInstance (in: This=0x835de0, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x874020) returned 0x0 [0139.558] WbemDefPath:IUnknown:Release (This=0x835de0) returned 0x0 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x874020) returned 0x0 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0139.558] WbemDefPath:IUnknown:AddRef (This=0x874020) returned 0x3 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0139.558] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x84e838) returned 0x0 [0139.558] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x84e838, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.559] WbemDefPath:IUnknown:Release (This=0x84e838) returned 0x3 [0139.559] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0139.559] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0139.559] WbemDefPath:IUnknown:QueryInterface (in: This=0x874020, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0139.559] WbemDefPath:IUnknown:Release (This=0x874020) returned 0x2 [0139.559] WbemDefPath:IUnknown:Release (This=0x874020) returned 0x1 [0139.559] SetEvent (hEvent=0x498) returned 1 Thread: id = 131 os_tid = 0x1098 [0136.130] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0136.130] RoInitialize () returned 0x1 [0136.130] RoUninitialize () returned 0x0 [0136.131] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x502f7fc | out: lpiid=0x502f7fc) returned 0x0 [0136.131] CoGetClassObject (in: rclsid=0x8278d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x502f510 | out: ppv=0x502f510*=0x8385e8) returned 0x0 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x8385e8, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f728 | out: ppvObject=0x502f728*=0x0) returned 0x80004002 [0136.132] WbemLocator:IClassFactory:CreateInstance (in: This=0x8385e8, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f73c | out: ppvObject=0x502f73c*=0x835b60) returned 0x0 [0136.132] WbemLocator:IUnknown:Release (This=0x8385e8) returned 0x0 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f35c | out: ppvObject=0x502f35c*=0x835b60) returned 0x0 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f318 | out: ppvObject=0x502f318*=0x0) returned 0x80004002 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ef0c | out: ppvObject=0x502ef0c*=0x0) returned 0x80004002 [0136.132] WbemLocator:IUnknown:AddRef (This=0x835b60) returned 0x3 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ec74 | out: ppvObject=0x502ec74*=0x0) returned 0x80004002 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502ec24 | out: ppvObject=0x502ec24*=0x0) returned 0x80004002 [0136.132] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502ec30 | out: ppvObject=0x502ec30*=0x0) returned 0x80004002 [0136.132] CoGetContextToken (in: pToken=0x502ec90 | out: pToken=0x502ec90) returned 0x0 [0136.132] CoGetObjectContext (in: riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x838724 | out: ppv=0x838724*=0x7e0158) returned 0x0 [0136.134] CoGetContextToken (in: pToken=0x502f098 | out: pToken=0x502f098) returned 0x0 [0136.134] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f128 | out: ppvObject=0x502f128*=0x0) returned 0x80004002 [0136.134] WbemLocator:IUnknown:Release (This=0x835b60) returned 0x2 [0136.134] WbemLocator:IUnknown:Release (This=0x835b60) returned 0x1 [0136.134] CoGetContextToken (in: pToken=0x502f708 | out: pToken=0x502f708) returned 0x0 [0136.134] CoGetContextToken (in: pToken=0x502f668 | out: pToken=0x502f668) returned 0x0 [0136.134] WbemLocator:IUnknown:QueryInterface (in: This=0x835b60, riid=0x502f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x502f734 | out: ppvObject=0x502f734*=0x835b60) returned 0x0 [0136.134] WbemLocator:IUnknown:AddRef (This=0x835b60) returned 0x3 [0136.134] WbemLocator:IUnknown:Release (This=0x835b60) returned 0x2 [0136.137] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e228, puCount=0x502f8cc | out: puCount=0x502f8cc*=0x2) returned 0x0 [0136.137] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=8, puBuffLength=0x502f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x502f8c8*=0xf, pszText=0x0) returned 0x0 [0136.137] WbemDefPath:IWbemPath:GetText (in: This=0x81e228, lFlags=8, puBuffLength=0x502f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x502f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x502eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0136.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x502f050, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0136.144] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6dd10000 [0136.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x9bióñ Ä «_mHó\x02\x05\x18´\x83", lpUsedDefaultChar=0x0) returned 13 [0136.282] GetProcAddress (hModule=0x6dd10000, lpProcName="ResetSecurity") returned 0x6dd126fe [0136.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0136.289] GetProcAddress (hModule=0x6dd10000, lpProcName="SetSecurity") returned 0x6dd12740 [0136.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0136.296] GetProcAddress (hModule=0x6dd10000, lpProcName="BlessIWbemServices") returned 0x6dd11e89 [0136.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0136.322] GetProcAddress (hModule=0x6dd10000, lpProcName="BlessIWbemServicesObject") returned 0x6dd11edb [0136.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0136.345] GetProcAddress (hModule=0x6dd10000, lpProcName="GetPropertyHandle") returned 0x6dd123d4 [0136.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0136.356] GetProcAddress (hModule=0x6dd10000, lpProcName="WritePropertyValue") returned 0x6dd12837 [0136.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0136.367] GetProcAddress (hModule=0x6dd10000, lpProcName="Clone") returned 0x6dd11f2d [0136.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0136.375] GetProcAddress (hModule=0x6dd10000, lpProcName="VerifyClientKey") returned 0x6dd127d4 [0136.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0136.379] GetProcAddress (hModule=0x6dd10000, lpProcName="GetQualifierSet") returned 0x6dd12435 [0136.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0136.381] GetProcAddress (hModule=0x6dd10000, lpProcName="Get") returned 0x6dd122f4 [0136.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0136.400] GetProcAddress (hModule=0x6dd10000, lpProcName="Put") returned 0x6dd124de [0136.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x502f08c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 6 [0136.414] GetProcAddress (hModule=0x6dd10000, lpProcName="Delete") returned 0x6dd12151 [0136.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x502f088, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 8 [0136.422] GetProcAddress (hModule=0x6dd10000, lpProcName="GetNames") returned 0x6dd123a2 [0136.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0136.449] GetProcAddress (hModule=0x6dd10000, lpProcName="BeginEnumeration") returned 0x6dd11e63 [0136.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x502f08c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 4 [0136.456] GetProcAddress (hModule=0x6dd10000, lpProcName="Next") returned 0x6dd124a3 [0136.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0136.468] GetProcAddress (hModule=0x6dd10000, lpProcName="EndEnumeration") returned 0x6dd121e2 [0136.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0136.478] GetProcAddress (hModule=0x6dd10000, lpProcName="GetPropertyQualifierSet") returned 0x6dd1241f [0136.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0136.488] GetProcAddress (hModule=0x6dd10000, lpProcName="Clone") returned 0x6dd11f2d [0136.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0136.489] GetProcAddress (hModule=0x6dd10000, lpProcName="GetObjectText") returned 0x6dd123be [0136.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0136.499] GetProcAddress (hModule=0x6dd10000, lpProcName="SpawnDerivedClass") returned 0x6dd12786 [0136.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0136.507] GetProcAddress (hModule=0x6dd10000, lpProcName="SpawnInstance") returned 0x6dd1279c [0136.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0136.508] GetProcAddress (hModule=0x6dd10000, lpProcName="CompareTo") returned 0x6dd11fad [0136.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0136.519] GetProcAddress (hModule=0x6dd10000, lpProcName="GetPropertyOrigin") returned 0x6dd12409 [0136.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0136.531] GetProcAddress (hModule=0x6dd10000, lpProcName="InheritsFrom") returned 0x6dd12448 [0136.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0136.532] GetProcAddress (hModule=0x6dd10000, lpProcName="GetMethod") returned 0x6dd1235a [0136.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0136.544] GetProcAddress (hModule=0x6dd10000, lpProcName="PutMethod") returned 0x6dd125fa [0136.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0136.556] GetProcAddress (hModule=0x6dd10000, lpProcName="DeleteMethod") returned 0x6dd12164 [0136.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x502f07c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 22 [0136.557] GetProcAddress (hModule=0x6dd10000, lpProcName="BeginMethodEnumeration") returned 0x6dd11e76 [0136.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x502f088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 10 [0136.558] GetProcAddress (hModule=0x6dd10000, lpProcName="NextMethod") returned 0x6dd124c2 [0136.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0136.570] GetProcAddress (hModule=0x6dd10000, lpProcName="EndMethodEnumeration") returned 0x6dd121f2 [0136.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0136.571] GetProcAddress (hModule=0x6dd10000, lpProcName="GetMethodQualifierSet") returned 0x6dd1238c [0136.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0136.573] GetProcAddress (hModule=0x6dd10000, lpProcName="GetMethodOrigin") returned 0x6dd12376 [0136.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0136.575] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_Get") returned 0x6dd1264c [0136.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0136.591] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_Put") returned 0x6dd1269a [0136.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x502f07c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0136.604] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_Delete") returned 0x6dd12629 [0136.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0136.605] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_GetNames") returned 0x6dd12668 [0136.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x502f074, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 29 [0136.618] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6dd12616 [0136.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0136.619] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_Next") returned 0x6dd1267e [0136.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x502f074, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0136.631] GetProcAddress (hModule=0x6dd10000, lpProcName="QualifierSet_EndEnumeration") returned 0x6dd1263c [0136.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0136.632] GetProcAddress (hModule=0x6dd10000, lpProcName="GetCurrentApartmentType") returned 0x6dd12435 [0136.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0136.639] GetProcAddress (hModule=0x6dd10000, lpProcName="GetDemultiplexedStub") returned 0x6dd12313 [0136.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0136.651] GetProcAddress (hModule=0x6dd10000, lpProcName="CreateInstanceEnumWmi") returned 0x6dd120db [0136.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0136.696] GetProcAddress (hModule=0x6dd10000, lpProcName="CreateClassEnumWmi") returned 0x6dd12065 [0136.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0136.696] GetProcAddress (hModule=0x6dd10000, lpProcName="ExecQueryWmi") returned 0x6dd1227b [0136.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0136.700] GetProcAddress (hModule=0x6dd10000, lpProcName="ExecNotificationQueryWmi") returned 0x6dd12202 [0136.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0136.700] GetProcAddress (hModule=0x6dd10000, lpProcName="PutInstanceWmi") returned 0x6dd1257a [0136.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0136.702] GetProcAddress (hModule=0x6dd10000, lpProcName="PutClassWmi") returned 0x6dd124fa [0136.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0136.702] GetProcAddress (hModule=0x6dd10000, lpProcName="CloneEnumWbemClassObject") returned 0x6dd11f40 [0136.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1a\x9bióñ Ä «_mHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0136.703] GetProcAddress (hModule=0x6dd10000, lpProcName="ConnectServerWmi") returned 0x6dd11fc3 [0136.705] CoCreateInstance (in: rclsid=0x6dd11284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd112e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x502f7a4 | out: ppv=0x502f7a4*=0x835b70) returned 0x0 [0136.705] WbemLocator:IWbemLocator:ConnectServer (in: This=0x835b70, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x502f838 | out: ppNamespace=0x502f838*=0x7d26a0) returned 0x0 [0136.725] WbemLocator:IUnknown:QueryInterface (in: This=0x7d26a0, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6d4 | out: ppvObject=0x502f6d4*=0x7fac0c) returned 0x0 [0136.725] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fac0c, pProxy=0x7d26a0, pAuthnSvc=0x502f724, pAuthzSvc=0x502f720, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c, pImpLevel=0x502f70c, pAuthInfo=0x502f710, pCapabilites=0x502f714 | out: pAuthnSvc=0x502f724*=0xa, pAuthzSvc=0x502f720*=0x0, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c*=0x6, pImpLevel=0x502f70c*=0x2, pAuthInfo=0x502f710, pCapabilites=0x502f714*=0x1) returned 0x0 [0136.725] WbemLocator:IUnknown:Release (This=0x7fac0c) returned 0x1 [0136.725] WbemLocator:IUnknown:QueryInterface (in: This=0x7d26a0, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c8 | out: ppvObject=0x502f6c8*=0x7fac30) returned 0x0 [0136.725] WbemLocator:IUnknown:QueryInterface (in: This=0x7d26a0, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c4 | out: ppvObject=0x502f6c4*=0x7fac0c) returned 0x0 [0136.725] WbemLocator:IClientSecurity:SetBlanket (This=0x7fac0c, pProxy=0x7d26a0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0136.725] WbemLocator:IUnknown:Release (This=0x7fac0c) returned 0x2 [0136.726] WbemLocator:IUnknown:Release (This=0x7fac30) returned 0x1 [0136.726] CoTaskMemFree (pv=0x83ddd0) [0136.726] WbemLocator:IUnknown:Release (This=0x835b70) returned 0x0 [0136.726] WbemLocator:IUnknown:QueryInterface (in: This=0x7d26a0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f2c4 | out: ppvObject=0x502f2c4*=0x7fac30) returned 0x0 [0136.726] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f280 | out: ppvObject=0x502f280*=0x0) returned 0x80004002 [0136.726] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f09c | out: ppvObject=0x502f09c*=0x0) returned 0x80004002 [0136.726] WbemLocator:IUnknown:QueryInterface (in: This=0x7d26a0, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ee74 | out: ppvObject=0x502ee74*=0x0) returned 0x80004002 [0136.727] WbemLocator:IUnknown:AddRef (This=0x7fac30) returned 0x3 [0136.727] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ebdc | out: ppvObject=0x502ebdc*=0x0) returned 0x80004002 [0136.727] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502eb8c | out: ppvObject=0x502eb8c*=0x0) returned 0x80004002 [0136.727] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502eb98 | out: ppvObject=0x502eb98*=0x7fab8c) returned 0x0 [0136.727] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7fab8c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x502eba0 | out: pCid=0x502eba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.727] WbemLocator:IUnknown:Release (This=0x7fab8c) returned 0x3 [0136.727] CoGetContextToken (in: pToken=0x502ebf8 | out: pToken=0x502ebf8) returned 0x0 [0136.728] CoGetContextToken (in: pToken=0x502f000 | out: pToken=0x502f000) returned 0x0 [0136.728] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f090 | out: ppvObject=0x502f090*=0x7fac14) returned 0x0 [0136.728] WbemLocator:IRpcOptions:Query (in: This=0x7fac14, pPrx=0x7fac30, dwProperty=2, pdwValue=0x502f0b8 | out: pdwValue=0x502f0b8) returned 0x80004002 [0136.728] WbemLocator:IUnknown:Release (This=0x7fac14) returned 0x3 [0136.728] WbemLocator:IUnknown:Release (This=0x7fac30) returned 0x2 [0136.728] CoGetContextToken (in: pToken=0x502f5d8 | out: pToken=0x502f5d8) returned 0x0 [0136.728] CoGetContextToken (in: pToken=0x502f538 | out: pToken=0x502f538) returned 0x0 [0136.728] WbemLocator:IUnknown:QueryInterface (in: This=0x7fac30, riid=0x502f608*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x502f604 | out: ppvObject=0x502f604*=0x7d26a0) returned 0x0 [0136.728] WbemLocator:IUnknown:AddRef (This=0x7d26a0) returned 0x4 [0136.728] WbemLocator:IUnknown:Release (This=0x7d26a0) returned 0x3 [0136.728] WbemLocator:IUnknown:Release (This=0x7d26a0) returned 0x2 [0136.733] SysStringLen (param_1=0x0) returned 0x0 [0136.733] CoUninitialize () Thread: id = 132 os_tid = 0x109c [0136.743] CoGetContextToken (in: pToken=0x502f26c | out: pToken=0x502f26c) returned 0x0 [0136.743] CoGetContextToken (in: pToken=0x502f25c | out: pToken=0x502f25c) returned 0x0 [0136.743] CoGetMarshalSizeMax (in: pulSize=0x502f218, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fac30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x502f218) returned 0x0 [0136.744] CoMarshalInterface (pStm=0x81a890, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fac30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0139.332] CoGetContextToken (in: pToken=0x502f26c | out: pToken=0x502f26c) returned 0x0 [0139.332] CoGetContextToken (in: pToken=0x502f25c | out: pToken=0x502f25c) returned 0x0 [0139.332] CoGetMarshalSizeMax (in: pulSize=0x502f218, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fa430, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x502f218) returned 0x0 [0139.332] CoMarshalInterface (pStm=0x81a950, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x7fa430, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 133 os_tid = 0x11a0 [0139.315] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.315] RoInitialize () returned 0x1 [0139.315] RoUninitialize () returned 0x0 [0139.316] CoGetClassObject (in: rclsid=0x8278d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6d6b54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x516f490 | out: ppv=0x516f490*=0x84a658) returned 0x0 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x84a658, riid=0x6d6695e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x516f6a8 | out: ppvObject=0x516f6a8*=0x0) returned 0x80004002 [0139.316] WbemLocator:IClassFactory:CreateInstance (in: This=0x84a658, pUnkOuter=0x0, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f6bc | out: ppvObject=0x516f6bc*=0x835c40) returned 0x0 [0139.316] WbemLocator:IUnknown:Release (This=0x84a658) returned 0x0 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f2dc | out: ppvObject=0x516f2dc*=0x835c40) returned 0x0 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x516f298 | out: ppvObject=0x516f298*=0x0) returned 0x80004002 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x516ee8c | out: ppvObject=0x516ee8c*=0x0) returned 0x80004002 [0139.316] WbemLocator:IUnknown:AddRef (This=0x835c40) returned 0x3 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x516ebf4 | out: ppvObject=0x516ebf4*=0x0) returned 0x80004002 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x516eba4 | out: ppvObject=0x516eba4*=0x0) returned 0x80004002 [0139.316] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516ebb0 | out: ppvObject=0x516ebb0*=0x0) returned 0x80004002 [0139.317] CoGetContextToken (in: pToken=0x516ec10 | out: pToken=0x516ec10) returned 0x0 [0139.317] CoGetContextToken (in: pToken=0x516f018 | out: pToken=0x516f018) returned 0x0 [0139.317] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f0a8 | out: ppvObject=0x516f0a8*=0x0) returned 0x80004002 [0139.317] WbemLocator:IUnknown:Release (This=0x835c40) returned 0x2 [0139.317] WbemLocator:IUnknown:Release (This=0x835c40) returned 0x1 [0139.317] CoGetContextToken (in: pToken=0x516f688 | out: pToken=0x516f688) returned 0x0 [0139.317] CoGetContextToken (in: pToken=0x516f5e8 | out: pToken=0x516f5e8) returned 0x0 [0139.317] WbemLocator:IUnknown:QueryInterface (in: This=0x835c40, riid=0x516f6b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x516f6b4 | out: ppvObject=0x516f6b4*=0x835c40) returned 0x0 [0139.317] WbemLocator:IUnknown:AddRef (This=0x835c40) returned 0x3 [0139.317] WbemLocator:IUnknown:Release (This=0x835c40) returned 0x2 [0139.317] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x81e378, puCount=0x516f84c | out: puCount=0x516f84c*=0x2) returned 0x0 [0139.317] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=8, puBuffLength=0x516f848*=0x0, pszText=0x0 | out: puBuffLength=0x516f848*=0xf, pszText=0x0) returned 0x0 [0139.317] WbemDefPath:IWbemPath:GetText (in: This=0x81e378, lFlags=8, puBuffLength=0x516f848*=0xf, pszText="00000000000000" | out: puBuffLength=0x516f848*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.317] CoCreateInstance (in: rclsid=0x6dd11284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dd112e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x516f724 | out: ppv=0x516f724*=0x835d30) returned 0x0 [0139.317] WbemLocator:IWbemLocator:ConnectServer (in: This=0x835d30, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x516f7b8 | out: ppNamespace=0x516f7b8*=0x849f50) returned 0x0 [0139.327] WbemLocator:IUnknown:QueryInterface (in: This=0x849f50, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f654 | out: ppvObject=0x516f654*=0x7fa40c) returned 0x0 [0139.327] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7fa40c, pProxy=0x849f50, pAuthnSvc=0x516f6a4, pAuthzSvc=0x516f6a0, pServerPrincName=0x516f698, pAuthnLevel=0x516f69c, pImpLevel=0x516f68c, pAuthInfo=0x516f690, pCapabilites=0x516f694 | out: pAuthnSvc=0x516f6a4*=0xa, pAuthzSvc=0x516f6a0*=0x0, pServerPrincName=0x516f698, pAuthnLevel=0x516f69c*=0x6, pImpLevel=0x516f68c*=0x2, pAuthInfo=0x516f690, pCapabilites=0x516f694*=0x1) returned 0x0 [0139.327] WbemLocator:IUnknown:Release (This=0x7fa40c) returned 0x1 [0139.327] WbemLocator:IUnknown:QueryInterface (in: This=0x849f50, riid=0x6dd110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f648 | out: ppvObject=0x516f648*=0x7fa430) returned 0x0 [0139.327] WbemLocator:IUnknown:QueryInterface (in: This=0x849f50, riid=0x6dd11104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f644 | out: ppvObject=0x516f644*=0x7fa40c) returned 0x0 [0139.327] WbemLocator:IClientSecurity:SetBlanket (This=0x7fa40c, pProxy=0x849f50, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0139.327] WbemLocator:IUnknown:Release (This=0x7fa40c) returned 0x2 [0139.327] WbemLocator:IUnknown:Release (This=0x7fa430) returned 0x1 [0139.327] CoTaskMemFree (pv=0x83d950) [0139.328] WbemLocator:IUnknown:Release (This=0x835d30) returned 0x0 [0139.328] WbemLocator:IUnknown:QueryInterface (in: This=0x849f50, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f244 | out: ppvObject=0x516f244*=0x7fa430) returned 0x0 [0139.328] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d73fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x516f200 | out: ppvObject=0x516f200*=0x0) returned 0x80004002 [0139.328] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d73fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x516f01c | out: ppvObject=0x516f01c*=0x0) returned 0x80004002 [0139.328] WbemLocator:IUnknown:QueryInterface (in: This=0x849f50, riid=0x6d74056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x516edf4 | out: ppvObject=0x516edf4*=0x0) returned 0x80004002 [0139.329] WbemLocator:IUnknown:AddRef (This=0x7fa430) returned 0x3 [0139.329] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d740208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x516eb5c | out: ppvObject=0x516eb5c*=0x0) returned 0x80004002 [0139.329] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d74015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x516eb0c | out: ppvObject=0x516eb0c*=0x0) returned 0x80004002 [0139.329] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d6140e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516eb18 | out: ppvObject=0x516eb18*=0x7fa38c) returned 0x0 [0139.329] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7fa38c, riid=0x6d606c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x516eb20 | out: pCid=0x516eb20*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.329] WbemLocator:IUnknown:Release (This=0x7fa38c) returned 0x3 [0139.329] CoGetContextToken (in: pToken=0x516eb78 | out: pToken=0x516eb78) returned 0x0 [0139.329] CoGetContextToken (in: pToken=0x516ef80 | out: pToken=0x516ef80) returned 0x0 [0139.329] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x6d740448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x516f010 | out: ppvObject=0x516f010*=0x7fa414) returned 0x0 [0139.329] WbemLocator:IRpcOptions:Query (in: This=0x7fa414, pPrx=0x7fa430, dwProperty=2, pdwValue=0x516f038 | out: pdwValue=0x516f038) returned 0x80004002 [0139.329] WbemLocator:IUnknown:Release (This=0x7fa414) returned 0x3 [0139.329] WbemLocator:IUnknown:Release (This=0x7fa430) returned 0x2 [0139.329] CoGetContextToken (in: pToken=0x516f558 | out: pToken=0x516f558) returned 0x0 [0139.329] CoGetContextToken (in: pToken=0x516f4b8 | out: pToken=0x516f4b8) returned 0x0 [0139.329] WbemLocator:IUnknown:QueryInterface (in: This=0x7fa430, riid=0x516f588*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x516f584 | out: ppvObject=0x516f584*=0x849f50) returned 0x0 [0139.329] WbemLocator:IUnknown:AddRef (This=0x849f50) returned 0x4 [0139.329] WbemLocator:IUnknown:Release (This=0x849f50) returned 0x3 [0139.329] WbemLocator:IUnknown:Release (This=0x849f50) returned 0x2 [0139.329] SysStringLen (param_1=0x0) returned 0x0 [0139.329] CoUninitialize () Thread: id = 135 os_tid = 0x11c4 [0139.615] CoGetContextToken (in: pToken=0x50afebc | out: pToken=0x50afebc) returned 0x0 [0139.616] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d684564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x50afee0 | out: ppvObject=0x50afee0*=0x7e0164) returned 0x0 [0139.616] IComThreadingInfo:GetCurrentThreadType (in: This=0x7e0164, pThreadType=0x50aff0c | out: pThreadType=0x50aff0c*=0) returned 0x0 [0139.616] IUnknown:Release (This=0x7e0164) returned 0x1 [0139.616] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.617] RoInitialize () returned 0x1 [0139.617] RoUninitialize () returned 0x0 Thread: id = 136 os_tid = 0x1218 [0139.734] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.734] CoGetContextToken (in: pToken=0x51efbc4 | out: pToken=0x51efbc4) returned 0x0 [0139.735] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d684564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x51efbe8 | out: ppvObject=0x51efbe8*=0x7e0164) returned 0x0 [0139.735] IComThreadingInfo:GetCurrentThreadType (in: This=0x7e0164, pThreadType=0x51efc14 | out: pThreadType=0x51efc14*=0) returned 0x0 [0139.735] IUnknown:Release (This=0x7e0164) returned 0x1 [0139.735] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0139.735] CoUninitialize () [0139.735] RoInitialize () returned 0x1 [0139.735] RoUninitialize () returned 0x0 [0139.735] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x51ef8d4 | out: UnbiasedTime=0x51ef8d4) returned 1 [0139.735] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x51ef8c4 | out: UnbiasedTime=0x51ef8c4) returned 1 [0159.784] CoUninitialize () Thread: id = 137 os_tid = 0x1224 Thread: id = 162 os_tid = 0xe8c [0169.782] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0169.785] CoGetContextToken (in: pToken=0x542fb44 | out: pToken=0x542fb44) returned 0x0 [0169.785] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d684564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x542fb68 | out: ppvObject=0x542fb68*=0x7e0164) returned 0x0 [0169.785] IComThreadingInfo:GetCurrentThreadType (in: This=0x7e0164, pThreadType=0x542fb94 | out: pThreadType=0x542fb94*=0) returned 0x0 [0169.786] IUnknown:Release (This=0x7e0164) returned 0x1 [0169.786] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0169.786] CoUninitialize () [0169.786] RoInitialize () returned 0x1 [0169.786] RoUninitialize () returned 0x0 [0169.786] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x542f854 | out: UnbiasedTime=0x542f854) returned 1 [0169.786] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x542f844 | out: UnbiasedTime=0x542f844) returned 1 [0169.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x542f748 | out: lpSystemTimeAsFileTime=0x542f748*(dwLowDateTime=0x65005b2a, dwHighDateTime=0x1d7b3d4)) [0169.792] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x542f3b0 | out: pTimeZoneInformation=0x542f3b0) returned 0x2 [0169.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x542f494 | out: phkResult=0x542f494*=0x51c) returned 0x0 [0169.795] RegQueryValueExW (in: hKey=0x51c, lpValueName="TZI", lpReserved=0x0, lpType=0x542f4b0, lpData=0x0, lpcbData=0x542f4ac*=0x0 | out: lpType=0x542f4b0*=0x3, lpData=0x0, lpcbData=0x542f4ac*=0x2c) returned 0x0 [0169.796] RegQueryValueExW (in: hKey=0x51c, lpValueName="TZI", lpReserved=0x0, lpType=0x542f4b0, lpData=0x22e2ac0, lpcbData=0x542f4ac*=0x2c | out: lpType=0x542f4b0*=0x3, lpData=0x22e2ac0*, lpcbData=0x542f4ac*=0x2c) returned 0x0 [0169.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x542f2e8 | out: phkResult=0x542f2e8*=0x0) returned 0x2 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x542f488, lpData=0x0, lpcbData=0x542f484*=0x0 | out: lpType=0x542f488*=0x1, lpData=0x0, lpcbData=0x542f484*=0x20) returned 0x0 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x542f488, lpData=0x22e2fcc, lpcbData=0x542f484*=0x20 | out: lpType=0x542f488*=0x1, lpData="@tzres.dll,-320", lpcbData=0x542f484*=0x20) returned 0x0 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x542f488, lpData=0x0, lpcbData=0x542f484*=0x0 | out: lpType=0x542f488*=0x1, lpData=0x0, lpcbData=0x542f484*=0x20) returned 0x0 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x542f488, lpData=0x22e3024, lpcbData=0x542f484*=0x20 | out: lpType=0x542f488*=0x1, lpData="@tzres.dll,-322", lpcbData=0x542f484*=0x20) returned 0x0 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x542f488, lpData=0x0, lpcbData=0x542f484*=0x0 | out: lpType=0x542f488*=0x1, lpData=0x0, lpcbData=0x542f484*=0x20) returned 0x0 [0169.798] RegQueryValueExW (in: hKey=0x51c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x542f488, lpData=0x22e307c, lpcbData=0x542f484*=0x20 | out: lpType=0x542f488*=0x1, lpData="@tzres.dll,-321", lpcbData=0x542f484*=0x20) returned 0x0 [0169.799] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.799] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x815a68 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0169.799] CoTaskMemFree (pv=0x815a68) [0169.800] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.800] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath=0x815a68, pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c | out: pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c) returned 1 [0169.946] CoTaskMemFree (pv=0x0) [0169.946] CoTaskMemFree (pv=0x815a68) [0169.947] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5130001 [0169.963] CoTaskMemAlloc (cb=0x3ec) returned 0x874e60 [0169.964] LoadStringW (in: hInstance=0x5130001, uID=0x140, lpBuffer=0x874e60, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0169.964] CoTaskMemFree (pv=0x874e60) [0169.964] FreeLibrary (hLibModule=0x5130001) returned 1 [0169.965] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.965] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x815a68 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0169.965] CoTaskMemFree (pv=0x815a68) [0169.965] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.965] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath=0x815a68, pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c | out: pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c) returned 1 [0169.969] CoTaskMemFree (pv=0x0) [0169.969] CoTaskMemFree (pv=0x815a68) [0169.969] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5130001 [0169.972] CoTaskMemAlloc (cb=0x3ec) returned 0x874e60 [0169.972] LoadStringW (in: hInstance=0x5130001, uID=0x142, lpBuffer=0x874e60, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0169.972] CoTaskMemFree (pv=0x874e60) [0169.972] FreeLibrary (hLibModule=0x5130001) returned 1 [0169.973] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.973] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x815a68 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0169.973] CoTaskMemFree (pv=0x815a68) [0169.973] CoTaskMemAlloc (cb=0x20c) returned 0x815a68 [0169.973] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath=0x815a68, pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c | out: pwszLanguage=0x0, pcchLanguage=0x542f4a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x542f4a8, pululEnumerator=0x542f49c) returned 1 [0170.167] CoTaskMemFree (pv=0x0) [0170.167] CoTaskMemFree (pv=0x815a68) [0170.167] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5130001 [0170.171] CoTaskMemAlloc (cb=0x3ec) returned 0x874e60 [0170.171] LoadStringW (in: hInstance=0x5130001, uID=0x141, lpBuffer=0x874e60, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0170.171] CoTaskMemFree (pv=0x874e60) [0170.171] FreeLibrary (hLibModule=0x5130001) returned 1 [0170.172] RegCloseKey (hKey=0x51c) returned 0x0 [0170.192] GetLastInputInfo (in: plii=0x22328f8 | out: plii=0x22328f8*(cbSize=0x8, dwTime=0x10a2637)) returned 1 Thread: id = 163 os_tid = 0x4d0 Thread: id = 164 os_tid = 0x178 [0170.240] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0170.241] CoGetContextToken (in: pToken=0x552fac4 | out: pToken=0x552fac4) returned 0x0 [0170.241] IUnknown:QueryInterface (in: This=0x7e0158, riid=0x6d684564*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x552fae8 | out: ppvObject=0x552fae8*=0x7e0164) returned 0x0 [0170.241] IComThreadingInfo:GetCurrentThreadType (in: This=0x7e0164, pThreadType=0x552fb14 | out: pThreadType=0x552fb14*=0) returned 0x0 [0170.241] IUnknown:Release (This=0x7e0164) returned 0x1 [0170.241] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0170.241] CoUninitialize () [0170.241] RoInitialize () returned 0x1 [0170.241] RoUninitialize () returned 0x0 Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x25b6f000" os_pid = "0x17c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x7e0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 561 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 562 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 563 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 564 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 565 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 566 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 567 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 568 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 569 start_va = 0x7ff747c50000 end_va = 0x7ff747c60fff monitored = 0 entry_point = 0x7ff747c516b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 570 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 640 start_va = 0xb0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 641 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 642 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 643 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 644 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 645 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 646 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 647 start_va = 0x1b0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 648 start_va = 0x6c0000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 649 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 650 start_va = 0x7ffc53880000 end_va = 0x7ffc538d8fff monitored = 0 entry_point = 0x7ffc5388fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 655 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 656 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 657 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 658 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 659 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 660 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 661 start_va = 0xa0000 end_va = 0xa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 662 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 664 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 665 start_va = 0x7ffc5e810000 end_va = 0x7ffc5e84afff monitored = 0 entry_point = 0x7ffc5e8112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 668 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 669 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 673 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 674 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 675 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 676 start_va = 0x720000 end_va = 0x8a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 677 start_va = 0x8b0000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 678 start_va = 0xa40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 679 start_va = 0x1e40000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 682 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 683 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 684 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 685 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 686 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 687 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 688 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 689 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 690 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 691 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 692 start_va = 0x7ffc5a7b0000 end_va = 0x7ffc5a845fff monitored = 0 entry_point = 0x7ffc5a7d5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 694 start_va = 0x1f20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 696 start_va = 0x2020000 end_va = 0x2356fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 697 start_va = 0x2360000 end_va = 0x2571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 698 start_va = 0x2580000 end_va = 0x2794fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 699 start_va = 0x27a0000 end_va = 0x28b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 700 start_va = 0x28c0000 end_va = 0x2ad1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 701 start_va = 0x2ae0000 end_va = 0x2bedfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 711 start_va = 0x1e40000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 712 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 713 start_va = 0x7ffc5eac0000 end_va = 0x7ffc5ec19fff monitored = 0 entry_point = 0x7ffc5eb038e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 718 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 719 start_va = 0x1f20000 end_va = 0x1fdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 720 start_va = 0x2010000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 721 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 722 start_va = 0x7ffc59dc0000 end_va = 0x7ffc59de1fff monitored = 0 entry_point = 0x7ffc59dc1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 732 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 742 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 743 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 744 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 745 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 746 start_va = 0x1e80000 end_va = 0x1e81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 747 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 748 start_va = 0x1ea0000 end_va = 0x1ea4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 764 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 765 start_va = 0x1ec0000 end_va = 0x1ec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 766 start_va = 0x7ffc52e60000 end_va = 0x7ffc530d3fff monitored = 0 entry_point = 0x7ffc52ed0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 776 start_va = 0x1ed0000 end_va = 0x1ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 777 start_va = 0x1ee0000 end_va = 0x1ee1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Thread: id = 14 os_tid = 0xbe8 Thread: id = 20 os_tid = 0xb50 Thread: id = 21 os_tid = 0xc9c Thread: id = 22 os_tid = 0xb38 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75fd1000" os_pid = "0x344" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a36c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 837 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 838 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 839 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 840 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 841 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 842 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 843 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 844 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 845 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 846 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 847 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 848 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 849 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 850 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 851 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 852 start_va = 0x510000 end_va = 0x511fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 853 start_va = 0x530000 end_va = 0x536fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 854 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 855 start_va = 0x580000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 856 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 857 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 858 start_va = 0x660000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 859 start_va = 0x6f0000 end_va = 0x6f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 860 start_va = 0x700000 end_va = 0x706fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 861 start_va = 0x710000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 862 start_va = 0x790000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 863 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 864 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 865 start_va = 0x7d0000 end_va = 0x7d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 866 start_va = 0x7e0000 end_va = 0x7e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 867 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 868 start_va = 0x900000 end_va = 0xa87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 869 start_va = 0xa90000 end_va = 0xc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 870 start_va = 0xc20000 end_va = 0x101afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 871 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 872 start_va = 0x10a0000 end_va = 0x10a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 873 start_va = 0x10b0000 end_va = 0x10b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 874 start_va = 0x10e0000 end_va = 0x10e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 875 start_va = 0x10f0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 876 start_va = 0x11f0000 end_va = 0x11f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 877 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 878 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 879 start_va = 0x1400000 end_va = 0x1736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 880 start_va = 0x1740000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001740000" filename = "" Region: id = 881 start_va = 0x1840000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 882 start_va = 0x1940000 end_va = 0x1941fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001940000" filename = "" Region: id = 883 start_va = 0x1950000 end_va = 0x1951fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001950000" filename = "" Region: id = 884 start_va = 0x1970000 end_va = 0x19befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001970000" filename = "" Region: id = 885 start_va = 0x19c0000 end_va = 0x19c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 886 start_va = 0x19d0000 end_va = 0x19d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019d0000" filename = "" Region: id = 887 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 888 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 889 start_va = 0x1c00000 end_va = 0x1cdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 890 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 891 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 892 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 893 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 894 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 895 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 896 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 897 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 898 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 899 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 900 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 901 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 902 start_va = 0x2900000 end_va = 0x2944fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 903 start_va = 0x2950000 end_va = 0x29ddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 904 start_va = 0x29e0000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 905 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 906 start_va = 0x2c00000 end_va = 0x2c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 907 start_va = 0x2c80000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 908 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 909 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 910 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 911 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 912 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 913 start_va = 0x3300000 end_va = 0x337ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 914 start_va = 0x3380000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 915 start_va = 0x3400000 end_va = 0x347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 916 start_va = 0x3480000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 917 start_va = 0x3560000 end_va = 0x3566fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 918 start_va = 0x3570000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 919 start_va = 0x3650000 end_va = 0x374ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 920 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 921 start_va = 0x3900000 end_va = 0x397ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 922 start_va = 0x3980000 end_va = 0x3a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003980000" filename = "" Region: id = 923 start_va = 0x3a80000 end_va = 0x3b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 924 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 925 start_va = 0x3d00000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 926 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 927 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 928 start_va = 0x3f80000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 929 start_va = 0x4180000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 930 start_va = 0x4280000 end_va = 0x437ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004280000" filename = "" Region: id = 931 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 932 start_va = 0x4660000 end_va = 0x4666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 933 start_va = 0x4670000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 934 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 935 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 936 start_va = 0x4ad0000 end_va = 0x4ad6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 937 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 938 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 939 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 940 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 941 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 942 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 943 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 944 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 945 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 946 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 947 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 948 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 949 start_va = 0x5a60000 end_va = 0x5a60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005a60000" filename = "" Region: id = 950 start_va = 0x5a70000 end_va = 0x5a7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 951 start_va = 0x5a90000 end_va = 0x5aa0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 952 start_va = 0x5ab0000 end_va = 0x5ac0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 953 start_va = 0x5ad0000 end_va = 0x5ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 954 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 955 start_va = 0x5f00000 end_va = 0x5f10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 956 start_va = 0x5f20000 end_va = 0x5f30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 957 start_va = 0x5f40000 end_va = 0x5f50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 958 start_va = 0x5f60000 end_va = 0x5f70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 959 start_va = 0x5f80000 end_va = 0x5fa7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 960 start_va = 0x5fc0000 end_va = 0x5fc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 961 start_va = 0x5fd0000 end_va = 0x60cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fd0000" filename = "" Region: id = 962 start_va = 0x60d0000 end_va = 0x60e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 963 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 964 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 965 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 966 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 967 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 968 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 969 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 970 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 971 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 972 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 973 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 974 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 975 start_va = 0x7200000 end_va = 0x7230fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 976 start_va = 0x7240000 end_va = 0x7250fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 977 start_va = 0x7260000 end_va = 0x7290fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 978 start_va = 0x72a0000 end_va = 0x72d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 979 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 980 start_va = 0x7830000 end_va = 0x792ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007830000" filename = "" Region: id = 981 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 982 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 983 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 984 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 985 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 986 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 987 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 988 start_va = 0x8500000 end_va = 0x85fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008500000" filename = "" Region: id = 989 start_va = 0x8600000 end_va = 0x86fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008600000" filename = "" Region: id = 990 start_va = 0x8700000 end_va = 0x87fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008700000" filename = "" Region: id = 991 start_va = 0x8800000 end_va = 0x88fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008800000" filename = "" Region: id = 992 start_va = 0x8900000 end_va = 0x89fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008900000" filename = "" Region: id = 993 start_va = 0x8a00000 end_va = 0x8afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a00000" filename = "" Region: id = 994 start_va = 0x9b00000 end_va = 0x9bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b00000" filename = "" Region: id = 995 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 996 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 997 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 998 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 999 start_va = 0x7ff60e670000 end_va = 0x7ff60e67cfff monitored = 0 entry_point = 0x7ff60e673980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1000 start_va = 0x7ffc40cf0000 end_va = 0x7ffc40f9ffff monitored = 0 entry_point = 0x7ffc40cf1cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1001 start_va = 0x7ffc42cb0000 end_va = 0x7ffc42cf3fff monitored = 0 entry_point = 0x7ffc42cd83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1002 start_va = 0x7ffc42d00000 end_va = 0x7ffc42d5cfff monitored = 0 entry_point = 0x7ffc42d2e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1003 start_va = 0x7ffc43b80000 end_va = 0x7ffc43c8efff monitored = 0 entry_point = 0x7ffc43bbc010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1004 start_va = 0x7ffc43cd0000 end_va = 0x7ffc43d0efff monitored = 0 entry_point = 0x7ffc43cf82d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1005 start_va = 0x7ffc43d30000 end_va = 0x7ffc43d46fff monitored = 0 entry_point = 0x7ffc43d37520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1006 start_va = 0x7ffc43df0000 end_va = 0x7ffc43e07fff monitored = 0 entry_point = 0x7ffc43dfb850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1007 start_va = 0x7ffc44f90000 end_va = 0x7ffc44fc1fff monitored = 0 entry_point = 0x7ffc44f9b0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1008 start_va = 0x7ffc452d0000 end_va = 0x7ffc452ecfff monitored = 0 entry_point = 0x7ffc452d4f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1009 start_va = 0x7ffc45dd0000 end_va = 0x7ffc45de7fff monitored = 0 entry_point = 0x7ffc45dd1b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1010 start_va = 0x7ffc45df0000 end_va = 0x7ffc45e00fff monitored = 0 entry_point = 0x7ffc45df28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 1011 start_va = 0x7ffc45e10000 end_va = 0x7ffc45e76fff monitored = 0 entry_point = 0x7ffc45e1b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1012 start_va = 0x7ffc45e80000 end_va = 0x7ffc45e93fff monitored = 0 entry_point = 0x7ffc45e82a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1013 start_va = 0x7ffc46130000 end_va = 0x7ffc4624cfff monitored = 0 entry_point = 0x7ffc4615fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1014 start_va = 0x7ffc470c0000 end_va = 0x7ffc470c7fff monitored = 0 entry_point = 0x7ffc470c13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1015 start_va = 0x7ffc49bf0000 end_va = 0x7ffc49c35fff monitored = 0 entry_point = 0x7ffc49bf79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1016 start_va = 0x7ffc4bc90000 end_va = 0x7ffc4bcc5fff monitored = 0 entry_point = 0x7ffc4bc927f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1017 start_va = 0x7ffc4bd50000 end_va = 0x7ffc4bd63fff monitored = 0 entry_point = 0x7ffc4bd53710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1018 start_va = 0x7ffc4bd70000 end_va = 0x7ffc4bd97fff monitored = 0 entry_point = 0x7ffc4bd7efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 1019 start_va = 0x7ffc4be00000 end_va = 0x7ffc4be1dfff monitored = 0 entry_point = 0x7ffc4be0ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1020 start_va = 0x7ffc4be20000 end_va = 0x7ffc4be35fff monitored = 0 entry_point = 0x7ffc4be21af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1021 start_va = 0x7ffc4be40000 end_va = 0x7ffc4be59fff monitored = 0 entry_point = 0x7ffc4be42330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1022 start_va = 0x7ffc4be60000 end_va = 0x7ffc4be6cfff monitored = 0 entry_point = 0x7ffc4be61420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1023 start_va = 0x7ffc4c110000 end_va = 0x7ffc4c121fff monitored = 0 entry_point = 0x7ffc4c111a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1024 start_va = 0x7ffc4c140000 end_va = 0x7ffc4c1c3fff monitored = 0 entry_point = 0x7ffc4c158d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1025 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1026 start_va = 0x7ffc4c1f0000 end_va = 0x7ffc4c2c5fff monitored = 0 entry_point = 0x7ffc4c21a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1027 start_va = 0x7ffc4c2d0000 end_va = 0x7ffc4c333fff monitored = 0 entry_point = 0x7ffc4c2ebed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1028 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1029 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1030 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1031 start_va = 0x7ffc4c490000 end_va = 0x7ffc4c503fff monitored = 0 entry_point = 0x7ffc4c4a5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1032 start_va = 0x7ffc4c510000 end_va = 0x7ffc4c646fff monitored = 0 entry_point = 0x7ffc4c550480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1033 start_va = 0x7ffc4c650000 end_va = 0x7ffc4c65efff monitored = 0 entry_point = 0x7ffc4c654960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1034 start_va = 0x7ffc4cc10000 end_va = 0x7ffc4cc20fff monitored = 0 entry_point = 0x7ffc4cc17480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1035 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1036 start_va = 0x7ffc4dbd0000 end_va = 0x7ffc4dbedfff monitored = 0 entry_point = 0x7ffc4dbd3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1037 start_va = 0x7ffc4dbf0000 end_va = 0x7ffc4dc71fff monitored = 0 entry_point = 0x7ffc4dbf2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1038 start_va = 0x7ffc4dcd0000 end_va = 0x7ffc4dd0ffff monitored = 0 entry_point = 0x7ffc4dcdcbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1039 start_va = 0x7ffc4dd10000 end_va = 0x7ffc4dd56fff monitored = 0 entry_point = 0x7ffc4dd11d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1040 start_va = 0x7ffc4dd60000 end_va = 0x7ffc4dda1fff monitored = 0 entry_point = 0x7ffc4dd63670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1041 start_va = 0x7ffc4ddd0000 end_va = 0x7ffc4ddf1fff monitored = 0 entry_point = 0x7ffc4dde2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1042 start_va = 0x7ffc4de00000 end_va = 0x7ffc4ded4fff monitored = 0 entry_point = 0x7ffc4de1cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1043 start_va = 0x7ffc4dfc0000 end_va = 0x7ffc4dffffff monitored = 0 entry_point = 0x7ffc4dfd6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1044 start_va = 0x7ffc4e070000 end_va = 0x7ffc4e08efff monitored = 0 entry_point = 0x7ffc4e0737e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1045 start_va = 0x7ffc4e090000 end_va = 0x7ffc4e108fff monitored = 0 entry_point = 0x7ffc4e0976a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1046 start_va = 0x7ffc4e2f0000 end_va = 0x7ffc4e305fff monitored = 0 entry_point = 0x7ffc4e2f1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1047 start_va = 0x7ffc4e310000 end_va = 0x7ffc4e327fff monitored = 0 entry_point = 0x7ffc4e314e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1048 start_va = 0x7ffc4e330000 end_va = 0x7ffc4e354fff monitored = 0 entry_point = 0x7ffc4e335ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1049 start_va = 0x7ffc4e3c0000 end_va = 0x7ffc4e400fff monitored = 0 entry_point = 0x7ffc4e3c3750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1050 start_va = 0x7ffc4e410000 end_va = 0x7ffc4e502fff monitored = 0 entry_point = 0x7ffc4e435d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1051 start_va = 0x7ffc4e510000 end_va = 0x7ffc4e527fff monitored = 0 entry_point = 0x7ffc4e512000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1052 start_va = 0x7ffc4e530000 end_va = 0x7ffc4e6b1fff monitored = 0 entry_point = 0x7ffc4e5482a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1053 start_va = 0x7ffc4eca0000 end_va = 0x7ffc4ed42fff monitored = 0 entry_point = 0x7ffc4eca2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1054 start_va = 0x7ffc4ed50000 end_va = 0x7ffc4eda1fff monitored = 0 entry_point = 0x7ffc4ed55770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1055 start_va = 0x7ffc4edb0000 end_va = 0x7ffc4edddfff monitored = 1 entry_point = 0x7ffc4edb2300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1056 start_va = 0x7ffc4ede0000 end_va = 0x7ffc4ee3dfff monitored = 0 entry_point = 0x7ffc4ede5080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1057 start_va = 0x7ffc4ee40000 end_va = 0x7ffc4ee5ffff monitored = 0 entry_point = 0x7ffc4ee41f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1058 start_va = 0x7ffc4ee60000 end_va = 0x7ffc4ee68fff monitored = 0 entry_point = 0x7ffc4ee618f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1059 start_va = 0x7ffc4ee70000 end_va = 0x7ffc4ee80fff monitored = 0 entry_point = 0x7ffc4ee71d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1060 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1061 start_va = 0x7ffc4ef10000 end_va = 0x7ffc4ef4bfff monitored = 0 entry_point = 0x7ffc4ef16aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1062 start_va = 0x7ffc4f0d0000 end_va = 0x7ffc4f11bfff monitored = 0 entry_point = 0x7ffc4f0e5310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1063 start_va = 0x7ffc4f220000 end_va = 0x7ffc4f22bfff monitored = 0 entry_point = 0x7ffc4f2235c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1064 start_va = 0x7ffc505f0000 end_va = 0x7ffc505f8fff monitored = 0 entry_point = 0x7ffc505f21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1065 start_va = 0x7ffc50660000 end_va = 0x7ffc50694fff monitored = 0 entry_point = 0x7ffc5066a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1066 start_va = 0x7ffc51300000 end_va = 0x7ffc51309fff monitored = 0 entry_point = 0x7ffc51301350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1067 start_va = 0x7ffc516a0000 end_va = 0x7ffc516b1fff monitored = 0 entry_point = 0x7ffc516a3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1068 start_va = 0x7ffc538e0000 end_va = 0x7ffc538e9fff monitored = 0 entry_point = 0x7ffc538e14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1069 start_va = 0x7ffc53d70000 end_va = 0x7ffc53d7ffff monitored = 0 entry_point = 0x7ffc53d71700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1070 start_va = 0x7ffc53d80000 end_va = 0x7ffc53d88fff monitored = 0 entry_point = 0x7ffc53d81ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1071 start_va = 0x7ffc53d90000 end_va = 0x7ffc53dbcfff monitored = 0 entry_point = 0x7ffc53d92290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1072 start_va = 0x7ffc53dc0000 end_va = 0x7ffc53e11fff monitored = 0 entry_point = 0x7ffc53dc38e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1073 start_va = 0x7ffc54080000 end_va = 0x7ffc540fffff monitored = 0 entry_point = 0x7ffc540ad280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1074 start_va = 0x7ffc54160000 end_va = 0x7ffc54174fff monitored = 0 entry_point = 0x7ffc54162dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1075 start_va = 0x7ffc541c0000 end_va = 0x7ffc541cdfff monitored = 0 entry_point = 0x7ffc541c1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1076 start_va = 0x7ffc541d0000 end_va = 0x7ffc541eafff monitored = 0 entry_point = 0x7ffc541d1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1077 start_va = 0x7ffc54510000 end_va = 0x7ffc545a9fff monitored = 0 entry_point = 0x7ffc5452ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1078 start_va = 0x7ffc54610000 end_va = 0x7ffc5462efff monitored = 0 entry_point = 0x7ffc54614960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1079 start_va = 0x7ffc54680000 end_va = 0x7ffc546e6fff monitored = 0 entry_point = 0x7ffc546863e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1080 start_va = 0x7ffc54740000 end_va = 0x7ffc54754fff monitored = 0 entry_point = 0x7ffc54743460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1081 start_va = 0x7ffc54830000 end_va = 0x7ffc548effff monitored = 0 entry_point = 0x7ffc5485fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1082 start_va = 0x7ffc54960000 end_va = 0x7ffc5496afff monitored = 0 entry_point = 0x7ffc54961de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1083 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1084 start_va = 0x7ffc54b40000 end_va = 0x7ffc54b53fff monitored = 0 entry_point = 0x7ffc54b42d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1085 start_va = 0x7ffc54ed0000 end_va = 0x7ffc54f62fff monitored = 0 entry_point = 0x7ffc54ed9680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1086 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1087 start_va = 0x7ffc55360000 end_va = 0x7ffc55378fff monitored = 0 entry_point = 0x7ffc55364520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1088 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1089 start_va = 0x7ffc55860000 end_va = 0x7ffc5586afff monitored = 0 entry_point = 0x7ffc55861d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1090 start_va = 0x7ffc55c60000 end_va = 0x7ffc55fe1fff monitored = 0 entry_point = 0x7ffc55cb1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1091 start_va = 0x7ffc570e0000 end_va = 0x7ffc571edfff monitored = 0 entry_point = 0x7ffc5712eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1092 start_va = 0x7ffc574f0000 end_va = 0x7ffc57506fff monitored = 0 entry_point = 0x7ffc574f5630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1093 start_va = 0x7ffc57570000 end_va = 0x7ffc57582fff monitored = 0 entry_point = 0x7ffc575757f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1094 start_va = 0x7ffc57590000 end_va = 0x7ffc57609fff monitored = 0 entry_point = 0x7ffc575b7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1095 start_va = 0x7ffc57620000 end_va = 0x7ffc5764dfff monitored = 0 entry_point = 0x7ffc57627550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1096 start_va = 0x7ffc57650000 end_va = 0x7ffc57665fff monitored = 0 entry_point = 0x7ffc57651b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1097 start_va = 0x7ffc57670000 end_va = 0x7ffc576d3fff monitored = 0 entry_point = 0x7ffc57685ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1098 start_va = 0x7ffc578a0000 end_va = 0x7ffc5794dfff monitored = 0 entry_point = 0x7ffc578b80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1099 start_va = 0x7ffc57950000 end_va = 0x7ffc57961fff monitored = 0 entry_point = 0x7ffc57959260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1100 start_va = 0x7ffc57970000 end_va = 0x7ffc57a20fff monitored = 0 entry_point = 0x7ffc579e88b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1101 start_va = 0x7ffc57a30000 end_va = 0x7ffc57a54fff monitored = 0 entry_point = 0x7ffc57a42f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1102 start_va = 0x7ffc57a60000 end_va = 0x7ffc57a70fff monitored = 0 entry_point = 0x7ffc57a67ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1103 start_va = 0x7ffc57a80000 end_va = 0x7ffc57a99fff monitored = 0 entry_point = 0x7ffc57a82cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1104 start_va = 0x7ffc57aa0000 end_va = 0x7ffc57af4fff monitored = 0 entry_point = 0x7ffc57aa3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1105 start_va = 0x7ffc57b00000 end_va = 0x7ffc57b36fff monitored = 0 entry_point = 0x7ffc57b06020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1106 start_va = 0x7ffc57b40000 end_va = 0x7ffc57b5ffff monitored = 0 entry_point = 0x7ffc57b439a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1107 start_va = 0x7ffc57b60000 end_va = 0x7ffc57ba0fff monitored = 0 entry_point = 0x7ffc57b64840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1108 start_va = 0x7ffc57bb0000 end_va = 0x7ffc57ce5fff monitored = 0 entry_point = 0x7ffc57bdf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1109 start_va = 0x7ffc57cf0000 end_va = 0x7ffc57dd5fff monitored = 0 entry_point = 0x7ffc57d0cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1110 start_va = 0x7ffc57de0000 end_va = 0x7ffc57debfff monitored = 0 entry_point = 0x7ffc57de14d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1111 start_va = 0x7ffc57df0000 end_va = 0x7ffc57dfbfff monitored = 0 entry_point = 0x7ffc57df2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1112 start_va = 0x7ffc57e00000 end_va = 0x7ffc57e3dfff monitored = 0 entry_point = 0x7ffc57e0a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1113 start_va = 0x7ffc57e40000 end_va = 0x7ffc57e66fff monitored = 0 entry_point = 0x7ffc57e43bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1114 start_va = 0x7ffc57e70000 end_va = 0x7ffc57f37fff monitored = 0 entry_point = 0x7ffc57eb13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1115 start_va = 0x7ffc57f40000 end_va = 0x7ffc57fa0fff monitored = 0 entry_point = 0x7ffc57f44b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1116 start_va = 0x7ffc57fb0000 end_va = 0x7ffc5812bfff monitored = 0 entry_point = 0x7ffc58001650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1117 start_va = 0x7ffc58130000 end_va = 0x7ffc5813afff monitored = 0 entry_point = 0x7ffc58131770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1118 start_va = 0x7ffc58140000 end_va = 0x7ffc58194fff monitored = 0 entry_point = 0x7ffc5814fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1119 start_va = 0x7ffc58230000 end_va = 0x7ffc582c1fff monitored = 0 entry_point = 0x7ffc5827a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1120 start_va = 0x7ffc58350000 end_va = 0x7ffc5835cfff monitored = 0 entry_point = 0x7ffc58352ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1121 start_va = 0x7ffc58b50000 end_va = 0x7ffc58b7efff monitored = 0 entry_point = 0x7ffc58b58910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1122 start_va = 0x7ffc58b80000 end_va = 0x7ffc58b8ffff monitored = 0 entry_point = 0x7ffc58b82c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1123 start_va = 0x7ffc58c20000 end_va = 0x7ffc58c55fff monitored = 0 entry_point = 0x7ffc58c30070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1124 start_va = 0x7ffc58cd0000 end_va = 0x7ffc58d3dfff monitored = 0 entry_point = 0x7ffc58cd7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1125 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1126 start_va = 0x7ffc58d60000 end_va = 0x7ffc58da0fff monitored = 0 entry_point = 0x7ffc58d77eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1127 start_va = 0x7ffc58db0000 end_va = 0x7ffc58eabfff monitored = 0 entry_point = 0x7ffc58de6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1128 start_va = 0x7ffc58eb0000 end_va = 0x7ffc58f6efff monitored = 0 entry_point = 0x7ffc58ed1c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1129 start_va = 0x7ffc58fc0000 end_va = 0x7ffc58fc9fff monitored = 0 entry_point = 0x7ffc58fc1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1130 start_va = 0x7ffc58fd0000 end_va = 0x7ffc58fe7fff monitored = 0 entry_point = 0x7ffc58fd5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1131 start_va = 0x7ffc58ff0000 end_va = 0x7ffc5913cfff monitored = 0 entry_point = 0x7ffc59033da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1132 start_va = 0x7ffc59500000 end_va = 0x7ffc59992fff monitored = 0 entry_point = 0x7ffc5950f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1133 start_va = 0x7ffc599a0000 end_va = 0x7ffc59a06fff monitored = 0 entry_point = 0x7ffc599be710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1134 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1135 start_va = 0x7ffc5a2e0000 end_va = 0x7ffc5a358fff monitored = 0 entry_point = 0x7ffc5a2ffb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1136 start_va = 0x7ffc5a360000 end_va = 0x7ffc5a367fff monitored = 0 entry_point = 0x7ffc5a3613e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1137 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1138 start_va = 0x7ffc5a530000 end_va = 0x7ffc5a54bfff monitored = 0 entry_point = 0x7ffc5a5337a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1139 start_va = 0x7ffc5a6e0000 end_va = 0x7ffc5a71ffff monitored = 0 entry_point = 0x7ffc5a6f1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1140 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1141 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1142 start_va = 0x7ffc5a950000 end_va = 0x7ffc5aa4ffff monitored = 0 entry_point = 0x7ffc5a990f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1143 start_va = 0x7ffc5aae0000 end_va = 0x7ffc5aaebfff monitored = 0 entry_point = 0x7ffc5aae2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1144 start_va = 0x7ffc5abb0000 end_va = 0x7ffc5abe1fff monitored = 0 entry_point = 0x7ffc5abc2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1145 start_va = 0x7ffc5ae20000 end_va = 0x7ffc5ae2bfff monitored = 0 entry_point = 0x7ffc5ae22790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1146 start_va = 0x7ffc5ae30000 end_va = 0x7ffc5ae53fff monitored = 0 entry_point = 0x7ffc5ae33260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1147 start_va = 0x7ffc5afd0000 end_va = 0x7ffc5b0c3fff monitored = 0 entry_point = 0x7ffc5afda960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1148 start_va = 0x7ffc5b120000 end_va = 0x7ffc5b168fff monitored = 0 entry_point = 0x7ffc5b12a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1149 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1150 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1151 start_va = 0x7ffc5b380000 end_va = 0x7ffc5b3f9fff monitored = 0 entry_point = 0x7ffc5b3a1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1152 start_va = 0x7ffc5b440000 end_va = 0x7ffc5b473fff monitored = 0 entry_point = 0x7ffc5b45ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1153 start_va = 0x7ffc5b480000 end_va = 0x7ffc5b489fff monitored = 0 entry_point = 0x7ffc5b481830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1154 start_va = 0x7ffc5b590000 end_va = 0x7ffc5b5aefff monitored = 0 entry_point = 0x7ffc5b595d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1155 start_va = 0x7ffc5b700000 end_va = 0x7ffc5b75bfff monitored = 0 entry_point = 0x7ffc5b716f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1156 start_va = 0x7ffc5b7b0000 end_va = 0x7ffc5b7c6fff monitored = 0 entry_point = 0x7ffc5b7b79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1157 start_va = 0x7ffc5b8d0000 end_va = 0x7ffc5b8dafff monitored = 0 entry_point = 0x7ffc5b8d19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1158 start_va = 0x7ffc5b910000 end_va = 0x7ffc5b930fff monitored = 0 entry_point = 0x7ffc5b920250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1159 start_va = 0x7ffc5b960000 end_va = 0x7ffc5b999fff monitored = 0 entry_point = 0x7ffc5b968d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1160 start_va = 0x7ffc5b9a0000 end_va = 0x7ffc5b9c6fff monitored = 0 entry_point = 0x7ffc5b9b0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1161 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1162 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1163 start_va = 0x7ffc5bca0000 end_va = 0x7ffc5bcb8fff monitored = 0 entry_point = 0x7ffc5bca5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1164 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1165 start_va = 0x7ffc5bcf0000 end_va = 0x7ffc5bd88fff monitored = 0 entry_point = 0x7ffc5bd1f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1166 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1167 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1168 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1169 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1170 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1171 start_va = 0x7ffc5bf10000 end_va = 0x7ffc5bf95fff monitored = 0 entry_point = 0x7ffc5bf1d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1172 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1173 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1174 start_va = 0x7ffc5c360000 end_va = 0x7ffc5c3b4fff monitored = 0 entry_point = 0x7ffc5c377970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1175 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1176 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1177 start_va = 0x7ffc5cb30000 end_va = 0x7ffc5cb46fff monitored = 0 entry_point = 0x7ffc5cb31390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1178 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1179 start_va = 0x7ffc5cc10000 end_va = 0x7ffc5cc6bfff monitored = 0 entry_point = 0x7ffc5cc2b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1180 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1181 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1182 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1183 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1184 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1185 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1186 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1187 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1188 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1189 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1190 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1191 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1192 start_va = 0x7ffc5ee90000 end_va = 0x7ffc5f2b8fff monitored = 0 entry_point = 0x7ffc5eeb8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1193 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1194 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1195 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1196 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1228 start_va = 0x9e00000 end_va = 0x9efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e00000" filename = "" Region: id = 1229 start_va = 0x9f00000 end_va = 0x9ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f00000" filename = "" Region: id = 1230 start_va = 0xa000000 end_va = 0xa0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a000000" filename = "" Region: id = 1231 start_va = 0xa100000 end_va = 0xa1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a100000" filename = "" Region: id = 1232 start_va = 0xa200000 end_va = 0xa2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a200000" filename = "" Region: id = 1233 start_va = 0xa300000 end_va = 0xa3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a300000" filename = "" Region: id = 1357 start_va = 0x520000 end_va = 0x524fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1360 start_va = 0x520000 end_va = 0x524fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1384 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1385 start_va = 0x520000 end_va = 0x522fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1396 start_va = 0x550000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1399 start_va = 0x520000 end_va = 0x522fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1400 start_va = 0x520000 end_va = 0x523fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1401 start_va = 0x520000 end_va = 0x522fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1638 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1639 start_va = 0xa400000 end_va = 0xa4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a400000" filename = "" Region: id = 1641 start_va = 0xa500000 end_va = 0xa5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a500000" filename = "" Region: id = 1642 start_va = 0xa600000 end_va = 0xa6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a600000" filename = "" Region: id = 1643 start_va = 0x3200000 end_va = 0x327ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 1644 start_va = 0x3280000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 1645 start_va = 0x520000 end_va = 0x521fff monitored = 0 entry_point = 0x525630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1646 start_va = 0x550000 end_va = 0x554fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1647 start_va = 0x7ffc59400000 end_va = 0x7ffc59450fff monitored = 0 entry_point = 0x7ffc594025e0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 1649 start_va = 0x4380000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Thread: id = 27 os_tid = 0x3c4 Thread: id = 28 os_tid = 0xc1c Thread: id = 29 os_tid = 0x1374 Thread: id = 30 os_tid = 0x868 Thread: id = 31 os_tid = 0xda4 Thread: id = 32 os_tid = 0x580 Thread: id = 33 os_tid = 0x8a0 Thread: id = 34 os_tid = 0x870 Thread: id = 35 os_tid = 0x9f4 Thread: id = 36 os_tid = 0x2a4 Thread: id = 37 os_tid = 0xe14 Thread: id = 38 os_tid = 0x748 Thread: id = 39 os_tid = 0x758 Thread: id = 40 os_tid = 0x428 Thread: id = 41 os_tid = 0x4cc Thread: id = 42 os_tid = 0x3d4 Thread: id = 43 os_tid = 0x290 Thread: id = 44 os_tid = 0xe4c Thread: id = 45 os_tid = 0xc48 Thread: id = 46 os_tid = 0xe44 Thread: id = 47 os_tid = 0xd08 Thread: id = 48 os_tid = 0x604 Thread: id = 49 os_tid = 0xd00 Thread: id = 50 os_tid = 0xcfc Thread: id = 51 os_tid = 0xce4 Thread: id = 52 os_tid = 0x364 Thread: id = 53 os_tid = 0x444 Thread: id = 54 os_tid = 0xcc0 Thread: id = 55 os_tid = 0xc70 Thread: id = 56 os_tid = 0x5f0 Thread: id = 57 os_tid = 0xc0c Thread: id = 58 os_tid = 0xb98 Thread: id = 59 os_tid = 0xa0c Thread: id = 60 os_tid = 0xffc Thread: id = 61 os_tid = 0xfd0 Thread: id = 62 os_tid = 0xfc8 Thread: id = 63 os_tid = 0xfb8 Thread: id = 64 os_tid = 0xfb0 Thread: id = 65 os_tid = 0xfa8 Thread: id = 66 os_tid = 0xf38 Thread: id = 67 os_tid = 0xc64 Thread: id = 68 os_tid = 0xb4c Thread: id = 69 os_tid = 0x9fc Thread: id = 70 os_tid = 0x9f8 Thread: id = 71 os_tid = 0x9b4 Thread: id = 72 os_tid = 0x9a4 Thread: id = 73 os_tid = 0x950 Thread: id = 74 os_tid = 0x94c Thread: id = 75 os_tid = 0x948 Thread: id = 76 os_tid = 0x928 Thread: id = 77 os_tid = 0x8f8 Thread: id = 78 os_tid = 0x8f4 Thread: id = 79 os_tid = 0x8c4 Thread: id = 80 os_tid = 0x8b0 Thread: id = 81 os_tid = 0x894 Thread: id = 82 os_tid = 0x888 Thread: id = 83 os_tid = 0x87c Thread: id = 84 os_tid = 0x86c Thread: id = 85 os_tid = 0x864 Thread: id = 86 os_tid = 0x840 Thread: id = 87 os_tid = 0x4f4 Thread: id = 88 os_tid = 0x464 Thread: id = 89 os_tid = 0x4d0 Thread: id = 90 os_tid = 0x420 Thread: id = 91 os_tid = 0x7c0 Thread: id = 92 os_tid = 0x608 Thread: id = 93 os_tid = 0x4f8 Thread: id = 94 os_tid = 0x49c Thread: id = 95 os_tid = 0x2ac Thread: id = 96 os_tid = 0x1b4 Thread: id = 97 os_tid = 0x1b8 Thread: id = 98 os_tid = 0x1cc Thread: id = 99 os_tid = 0x16c Thread: id = 100 os_tid = 0x190 Thread: id = 101 os_tid = 0x3fc Thread: id = 102 os_tid = 0x3f4 Thread: id = 103 os_tid = 0x3e8 Thread: id = 104 os_tid = 0x3e4 Thread: id = 105 os_tid = 0x3d0 Thread: id = 106 os_tid = 0x3cc Thread: id = 107 os_tid = 0x348 Thread: id = 124 os_tid = 0xf64 Thread: id = 125 os_tid = 0xf70 Thread: id = 126 os_tid = 0xed0 Thread: id = 127 os_tid = 0x12c4 Thread: id = 128 os_tid = 0xbf0 Thread: id = 129 os_tid = 0xea8 Thread: id = 138 os_tid = 0x4c8 Thread: id = 165 os_tid = 0xff4 Thread: id = 166 os_tid = 0xe00 Thread: id = 167 os_tid = 0x136c Thread: id = 168 os_tid = 0xb4c Thread: id = 169 os_tid = 0x37c Thread: id = 170 os_tid = 0x3c4 Thread: id = 171 os_tid = 0x93c Thread: id = 172 os_tid = 0x650 Process: id = "6" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x58fa0000" os_pid = "0xd74" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a36c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1411 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1412 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1413 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1414 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1415 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1416 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1417 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1418 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1419 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1420 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1421 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1422 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1423 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1424 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1425 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1426 start_va = 0x590000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1427 start_va = 0x650000 end_va = 0x654fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1428 start_va = 0x660000 end_va = 0x660fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1429 start_va = 0x670000 end_va = 0x670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 1430 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 1431 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1432 start_va = 0x6b0000 end_va = 0x9e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1433 start_va = 0x9f0000 end_va = 0xb77fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 1434 start_va = 0xb80000 end_va = 0xd00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 1435 start_va = 0xd10000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1436 start_va = 0xd90000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 1437 start_va = 0xe90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1438 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1439 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1440 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1441 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1442 start_va = 0x1110000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 1443 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1444 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1445 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1446 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1447 start_va = 0x7ff681dc0000 end_va = 0x7ff681e3ffff monitored = 0 entry_point = 0x7ff681dd5f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1448 start_va = 0x7ffc43040000 end_va = 0x7ffc4308cfff monitored = 0 entry_point = 0x7ffc4304b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1449 start_va = 0x7ffc43c90000 end_va = 0x7ffc43cccfff monitored = 0 entry_point = 0x7ffc43c9b760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1450 start_va = 0x7ffc47390000 end_va = 0x7ffc473b4fff monitored = 0 entry_point = 0x7ffc473a5dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1451 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1452 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1453 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1454 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1455 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1456 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1457 start_va = 0x7ffc57670000 end_va = 0x7ffc576d3fff monitored = 0 entry_point = 0x7ffc57685ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1458 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1459 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1460 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1461 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1462 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1463 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1464 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1465 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1466 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1467 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1468 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1469 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1470 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1471 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1472 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1473 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1474 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1475 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 108 os_tid = 0x368 Thread: id = 109 os_tid = 0x3b8 Thread: id = 110 os_tid = 0xe60 Thread: id = 111 os_tid = 0x288 Thread: id = 112 os_tid = 0x254 Thread: id = 113 os_tid = 0x66c Thread: id = 114 os_tid = 0xe94 Thread: id = 115 os_tid = 0xd70 Thread: id = 173 os_tid = 0x880 Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x1a212000" os_pid = "0xd78" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00033fa1" [0xc000000f] Region: id = 1234 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1235 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1236 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1237 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1238 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1239 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1240 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1241 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1242 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1243 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1244 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1245 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1246 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1247 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1248 start_va = 0x440000 end_va = 0x442fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1249 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1250 start_va = 0x490000 end_va = 0x494fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1251 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1252 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1253 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1254 start_va = 0x5c0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1255 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 1256 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1257 start_va = 0x6a0000 end_va = 0x9d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1258 start_va = 0x9e0000 end_va = 0xb67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1259 start_va = 0xb70000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1260 start_va = 0xd80000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1261 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1262 start_va = 0xf80000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1263 start_va = 0x1000000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1264 start_va = 0x1080000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1265 start_va = 0x1180000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1266 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1267 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1268 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1269 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1270 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1271 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1272 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1273 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1274 start_va = 0x7ff681dc0000 end_va = 0x7ff681e3ffff monitored = 0 entry_point = 0x7ff681dd5f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1275 start_va = 0x7ffc43090000 end_va = 0x7ffc4325efff monitored = 0 entry_point = 0x7ffc430b7df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1276 start_va = 0x7ffc47380000 end_va = 0x7ffc4738dfff monitored = 0 entry_point = 0x7ffc47381da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1277 start_va = 0x7ffc49be0000 end_va = 0x7ffc49beafff monitored = 0 entry_point = 0x7ffc49be12b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1278 start_va = 0x7ffc4a5c0000 end_va = 0x7ffc4a5d3fff monitored = 0 entry_point = 0x7ffc4a5c1310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1279 start_va = 0x7ffc4c1d0000 end_va = 0x7ffc4c1e5fff monitored = 0 entry_point = 0x7ffc4c1d55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1280 start_va = 0x7ffc4c340000 end_va = 0x7ffc4c364fff monitored = 0 entry_point = 0x7ffc4c349900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1281 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1282 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1283 start_va = 0x7ffc4dc80000 end_va = 0x7ffc4dccdfff monitored = 0 entry_point = 0x7ffc4dc91ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1284 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1285 start_va = 0x7ffc4f220000 end_va = 0x7ffc4f22bfff monitored = 0 entry_point = 0x7ffc4f2235c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1286 start_va = 0x7ffc516a0000 end_va = 0x7ffc516b1fff monitored = 0 entry_point = 0x7ffc516a3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1287 start_va = 0x7ffc516c0000 end_va = 0x7ffc516e5fff monitored = 0 entry_point = 0x7ffc516c1cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1288 start_va = 0x7ffc55360000 end_va = 0x7ffc55378fff monitored = 0 entry_point = 0x7ffc55364520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1289 start_va = 0x7ffc57650000 end_va = 0x7ffc57665fff monitored = 0 entry_point = 0x7ffc57651b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1290 start_va = 0x7ffc57e00000 end_va = 0x7ffc57e3dfff monitored = 0 entry_point = 0x7ffc57e0a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1291 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1292 start_va = 0x7ffc58fc0000 end_va = 0x7ffc58fc9fff monitored = 0 entry_point = 0x7ffc58fc1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1293 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1294 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1295 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1296 start_va = 0x7ffc5b380000 end_va = 0x7ffc5b3f9fff monitored = 0 entry_point = 0x7ffc5b3a1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1297 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1298 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1299 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1300 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1301 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1302 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1303 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1304 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1305 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1306 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1307 start_va = 0x7ffc5cb30000 end_va = 0x7ffc5cb46fff monitored = 0 entry_point = 0x7ffc5cb31390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1308 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1309 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1310 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1311 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1312 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1313 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1314 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1315 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1316 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1317 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1318 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1319 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1321 start_va = 0x400000 end_va = 0x402fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1359 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1361 start_va = 0x420000 end_va = 0x424fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1362 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1363 start_va = 0x420000 end_va = 0x435fff monitored = 0 entry_point = 0x430420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1364 start_va = 0x450000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1365 start_va = 0x420000 end_va = 0x435fff monitored = 0 entry_point = 0x430420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1366 start_va = 0x450000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1367 start_va = 0x420000 end_va = 0x435fff monitored = 0 entry_point = 0x430420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1368 start_va = 0x450000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1369 start_va = 0x420000 end_va = 0x435fff monitored = 0 entry_point = 0x430420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 1370 start_va = 0x450000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 1371 start_va = 0x420000 end_va = 0x439fff monitored = 1 entry_point = 0x421190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1372 start_va = 0x450000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1373 start_va = 0x420000 end_va = 0x439fff monitored = 1 entry_point = 0x421190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 1374 start_va = 0x450000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 1375 start_va = 0x420000 end_va = 0x424fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 1376 start_va = 0x450000 end_va = 0x47afff monitored = 0 entry_point = 0x46d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 1377 start_va = 0x15c0000 end_va = 0x19bafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 1382 start_va = 0x19c0000 end_va = 0x1bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 1383 start_va = 0x7ffc54a00000 end_va = 0x7ffc54a0dfff monitored = 0 entry_point = 0x7ffc54a02b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 1390 start_va = 0x420000 end_va = 0x422fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1391 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1392 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1393 start_va = 0x1500000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1394 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1395 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1397 start_va = 0x450000 end_va = 0x462fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 1398 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Thread: id = 116 os_tid = 0x13b8 Thread: id = 117 os_tid = 0x1390 Thread: id = 118 os_tid = 0x900 Thread: id = 119 os_tid = 0xc14 Thread: id = 120 os_tid = 0xd94 Thread: id = 121 os_tid = 0xd90 Thread: id = 122 os_tid = 0xd8c Thread: id = 123 os_tid = 0xd7c Thread: id = 134 os_tid = 0x11b4 Thread: id = 175 os_tid = 0x2ec Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x757f8000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bf3c" [0xc000000f], "LOCAL" [0x7] Region: id = 1476 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1477 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1478 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1479 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1480 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1481 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1482 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1483 start_va = 0x100000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1484 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1485 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1486 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1487 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1488 start_va = 0x1c0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1489 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1490 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1491 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1492 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1493 start_va = 0x5c0000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1494 start_va = 0x680000 end_va = 0x6e3fff monitored = 0 entry_point = 0x695ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1495 start_va = 0x6f0000 end_va = 0x6f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1496 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1497 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 1498 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 1499 start_va = 0xb20000 end_va = 0xf1afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 1500 start_va = 0x1020000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1501 start_va = 0x1040000 end_va = 0x1040fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 1502 start_va = 0x1050000 end_va = 0x1050fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001050000" filename = "" Region: id = 1503 start_va = 0x1060000 end_va = 0x1066fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1504 start_va = 0x1070000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1505 start_va = 0x10f0000 end_va = 0x10f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1506 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 1507 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1508 start_va = 0x1280000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1509 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1510 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 1511 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 1512 start_va = 0x1480000 end_va = 0x1480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 1513 start_va = 0x1490000 end_va = 0x1490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001490000" filename = "" Region: id = 1514 start_va = 0x14a0000 end_va = 0x14a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014a0000" filename = "" Region: id = 1515 start_va = 0x14b0000 end_va = 0x14b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 1516 start_va = 0x14f0000 end_va = 0x14f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 1517 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1518 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1519 start_va = 0x1700000 end_va = 0x177ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1520 start_va = 0x1780000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 1521 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1522 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1523 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1524 start_va = 0x1a90000 end_va = 0x1b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a90000" filename = "" Region: id = 1525 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 1526 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1527 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1528 start_va = 0x2200000 end_va = 0x22dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1529 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1530 start_va = 0x2400000 end_va = 0x2736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1531 start_va = 0x2740000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002740000" filename = "" Region: id = 1532 start_va = 0x2840000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1533 start_va = 0x2940000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1534 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1535 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 1536 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 1537 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 1538 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 1539 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1540 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 1541 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1542 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 1543 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 1544 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 1545 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1546 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1547 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1548 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1549 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1550 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1551 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1552 start_va = 0x7ff60e670000 end_va = 0x7ff60e67cfff monitored = 0 entry_point = 0x7ff60e673980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1553 start_va = 0x7ffc45b70000 end_va = 0x7ffc45d27fff monitored = 0 entry_point = 0x7ffc45b75550 region_type = mapped_file name = "wmalfxgfxdsp.dll" filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll") Region: id = 1554 start_va = 0x7ffc4c370000 end_va = 0x7ffc4c383fff monitored = 0 entry_point = 0x7ffc4c371800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1555 start_va = 0x7ffc4c390000 end_va = 0x7ffc4c485fff monitored = 0 entry_point = 0x7ffc4c3c9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1556 start_va = 0x7ffc4dbb0000 end_va = 0x7ffc4dbc0fff monitored = 0 entry_point = 0x7ffc4dbb2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1557 start_va = 0x7ffc4ee90000 end_va = 0x7ffc4ef0efff monitored = 0 entry_point = 0x7ffc4eea7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1558 start_va = 0x7ffc53440000 end_va = 0x7ffc5346afff monitored = 0 entry_point = 0x7ffc5344c3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 1559 start_va = 0x7ffc53470000 end_va = 0x7ffc5357cfff monitored = 0 entry_point = 0x7ffc5349f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 1560 start_va = 0x7ffc54700000 end_va = 0x7ffc54732fff monitored = 0 entry_point = 0x7ffc5470ae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 1561 start_va = 0x7ffc54990000 end_va = 0x7ffc5499dfff monitored = 0 entry_point = 0x7ffc54992e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 1562 start_va = 0x7ffc549a0000 end_va = 0x7ffc549d7fff monitored = 0 entry_point = 0x7ffc549a68f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 1563 start_va = 0x7ffc54a10000 end_va = 0x7ffc54aa8fff monitored = 0 entry_point = 0x7ffc54a2a090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 1564 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1565 start_va = 0x7ffc54ff0000 end_va = 0x7ffc55077fff monitored = 0 entry_point = 0x7ffc55004510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1566 start_va = 0x7ffc55080000 end_va = 0x7ffc5518afff monitored = 0 entry_point = 0x7ffc550c2610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1567 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1568 start_va = 0x7ffc552a0000 end_va = 0x7ffc5530ffff monitored = 0 entry_point = 0x7ffc552c2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1569 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1570 start_va = 0x7ffc55860000 end_va = 0x7ffc5586afff monitored = 0 entry_point = 0x7ffc55861d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1571 start_va = 0x7ffc55870000 end_va = 0x7ffc558b7fff monitored = 0 entry_point = 0x7ffc5587a1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1572 start_va = 0x7ffc57510000 end_va = 0x7ffc5756cfff monitored = 0 entry_point = 0x7ffc57522bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1573 start_va = 0x7ffc576e0000 end_va = 0x7ffc57890fff monitored = 0 entry_point = 0x7ffc57733690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1574 start_va = 0x7ffc57bb0000 end_va = 0x7ffc57ce5fff monitored = 0 entry_point = 0x7ffc57bdf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1575 start_va = 0x7ffc57e70000 end_va = 0x7ffc57f37fff monitored = 0 entry_point = 0x7ffc57eb13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1576 start_va = 0x7ffc581a0000 end_va = 0x7ffc581e9fff monitored = 0 entry_point = 0x7ffc581aac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1577 start_va = 0x7ffc58d40000 end_va = 0x7ffc58d50fff monitored = 0 entry_point = 0x7ffc58d43320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1578 start_va = 0x7ffc58fa0000 end_va = 0x7ffc58fa8fff monitored = 0 entry_point = 0x7ffc58fa19a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1579 start_va = 0x7ffc58fb0000 end_va = 0x7ffc58fbafff monitored = 0 entry_point = 0x7ffc58fb1cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1580 start_va = 0x7ffc58fd0000 end_va = 0x7ffc58fe7fff monitored = 0 entry_point = 0x7ffc58fd5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1581 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1582 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1583 start_va = 0x7ffc5a850000 end_va = 0x7ffc5a876fff monitored = 0 entry_point = 0x7ffc5a857940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1584 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1585 start_va = 0x7ffc5abb0000 end_va = 0x7ffc5abe1fff monitored = 0 entry_point = 0x7ffc5abc2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1586 start_va = 0x7ffc5ae30000 end_va = 0x7ffc5ae53fff monitored = 0 entry_point = 0x7ffc5ae33260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1587 start_va = 0x7ffc5afd0000 end_va = 0x7ffc5b0c3fff monitored = 0 entry_point = 0x7ffc5afda960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1588 start_va = 0x7ffc5b240000 end_va = 0x7ffc5b24bfff monitored = 0 entry_point = 0x7ffc5b2427e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1589 start_va = 0x7ffc5b320000 end_va = 0x7ffc5b350fff monitored = 0 entry_point = 0x7ffc5b327d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1590 start_va = 0x7ffc5b590000 end_va = 0x7ffc5b5aefff monitored = 0 entry_point = 0x7ffc5b595d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1591 start_va = 0x7ffc5b700000 end_va = 0x7ffc5b75bfff monitored = 0 entry_point = 0x7ffc5b716f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1592 start_va = 0x7ffc5b8d0000 end_va = 0x7ffc5b8dafff monitored = 0 entry_point = 0x7ffc5b8d19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1593 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1594 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1595 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1596 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1597 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1598 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1599 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1600 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1601 start_va = 0x7ffc5bf10000 end_va = 0x7ffc5bf95fff monitored = 0 entry_point = 0x7ffc5bf1d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1602 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1603 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1604 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1605 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1606 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1607 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1608 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1609 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1610 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1611 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1612 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1613 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1614 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1615 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1616 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1617 start_va = 0x7ffc5f760000 end_va = 0x7ffc5f806fff monitored = 0 entry_point = 0x7ffc5f76b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1618 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1640 start_va = 0xf20000 end_va = 0xf8efff monitored = 0 entry_point = 0xf407c0 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 1648 start_va = 0x1f00000 end_va = 0x204cfff monitored = 0 entry_point = 0x1f43da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1650 start_va = 0xf20000 end_va = 0xfb3fff monitored = 0 entry_point = 0xf48810 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1651 start_va = 0x7ffc57650000 end_va = 0x7ffc57665fff monitored = 0 entry_point = 0x7ffc57651b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1652 start_va = 0xf20000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Thread: id = 139 os_tid = 0x8b8 Thread: id = 140 os_tid = 0x9a8 Thread: id = 141 os_tid = 0x8bc Thread: id = 142 os_tid = 0xec Thread: id = 143 os_tid = 0x490 Thread: id = 144 os_tid = 0xba0 Thread: id = 145 os_tid = 0xce0 Thread: id = 146 os_tid = 0xc34 Thread: id = 147 os_tid = 0xc10 Thread: id = 148 os_tid = 0xf28 Thread: id = 149 os_tid = 0x470 Thread: id = 150 os_tid = 0x468 Thread: id = 151 os_tid = 0x440 Thread: id = 152 os_tid = 0x43c Thread: id = 153 os_tid = 0x434 Thread: id = 154 os_tid = 0x158 Thread: id = 155 os_tid = 0x34c Thread: id = 156 os_tid = 0x2f0 Thread: id = 157 os_tid = 0x2cc Thread: id = 158 os_tid = 0x168 Thread: id = 159 os_tid = 0x2d0 Thread: id = 160 os_tid = 0x210 Thread: id = 161 os_tid = 0x374 Thread: id = 174 os_tid = 0x46c Thread: id = 176 os_tid = 0xf30 Process: id = "9" image_name = "kpruegc.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe" page_root = "0x65ed4000" os_pid = "0xd10" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x614" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010021" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1774 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1775 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1776 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1777 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1778 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1779 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1780 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1781 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1782 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1783 start_va = 0x400000 end_va = 0x4b9fff monitored = 1 entry_point = 0x4a4d76 region_type = mapped_file name = "kpruegc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe") Region: id = 1784 start_va = 0x77700000 end_va = 0x7787afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1785 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1786 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1787 start_va = 0x7fff0000 end_va = 0x7ffb55e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1788 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1789 start_va = 0x7ffb56041000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb56041000" filename = "" Region: id = 1926 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1927 start_va = 0x67fa0000 end_va = 0x67feffff monitored = 0 entry_point = 0x67fb8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1928 start_va = 0x67ff0000 end_va = 0x68069fff monitored = 0 entry_point = 0x68003290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1929 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1930 start_va = 0x67f90000 end_va = 0x67f97fff monitored = 0 entry_point = 0x67f917c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1931 start_va = 0x580000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1932 start_va = 0x70c30000 end_va = 0x70c88fff monitored = 1 entry_point = 0x70c40780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1933 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1934 start_va = 0x76420000 end_va = 0x7659dfff monitored = 0 entry_point = 0x764d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1935 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1936 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1937 start_va = 0x580000 end_va = 0x63dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1938 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1939 start_va = 0x7d0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 1940 start_va = 0x74380000 end_va = 0x74411fff monitored = 0 entry_point = 0x743c0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1941 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1942 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1943 start_va = 0x761a0000 end_va = 0x7621afff monitored = 0 entry_point = 0x761be970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1944 start_va = 0x75c00000 end_va = 0x75cbdfff monitored = 0 entry_point = 0x75c35630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1945 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1946 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 1947 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1948 start_va = 0x76150000 end_va = 0x76193fff monitored = 0 entry_point = 0x76169d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1949 start_va = 0x76370000 end_va = 0x7641cfff monitored = 0 entry_point = 0x76384f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1950 start_va = 0x74430000 end_va = 0x7444dfff monitored = 0 entry_point = 0x7443b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1951 start_va = 0x74420000 end_va = 0x74429fff monitored = 0 entry_point = 0x74422a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1952 start_va = 0x744b0000 end_va = 0x74507fff monitored = 0 entry_point = 0x744f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1953 start_va = 0x930000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1954 start_va = 0x70bb0000 end_va = 0x70c28fff monitored = 1 entry_point = 0x70bbf82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1955 start_va = 0x745c0000 end_va = 0x74604fff monitored = 0 entry_point = 0x745dde90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1956 start_va = 0x76790000 end_va = 0x7694cfff monitored = 0 entry_point = 0x76872a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1957 start_va = 0x77580000 end_va = 0x776cefff monitored = 0 entry_point = 0x77636820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1958 start_va = 0x773e0000 end_va = 0x77526fff monitored = 0 entry_point = 0x773f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1959 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1960 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1961 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 1962 start_va = 0x776d0000 end_va = 0x776fafff monitored = 0 entry_point = 0x776d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1963 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1964 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1965 start_va = 0xb00000 end_va = 0xc80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 1966 start_va = 0xc90000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 1967 start_va = 0x2090000 end_va = 0x2144fff monitored = 1 entry_point = 0x2134d76 region_type = mapped_file name = "kpruegc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe") Region: id = 1968 start_va = 0x76340000 end_va = 0x7634bfff monitored = 0 entry_point = 0x76343930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1969 start_va = 0x70ba0000 end_va = 0x70ba7fff monitored = 0 entry_point = 0x70ba17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1970 start_va = 0x2090000 end_va = 0x2740fff monitored = 1 entry_point = 0x20a5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1971 start_va = 0x704e0000 end_va = 0x70b90fff monitored = 1 entry_point = 0x704f5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1972 start_va = 0x703e0000 end_va = 0x704d4fff monitored = 0 entry_point = 0x70434160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 1973 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1974 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1975 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1976 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1977 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1978 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1979 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1980 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1981 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1982 start_va = 0x2090000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1983 start_va = 0x2260000 end_va = 0x242ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 1984 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1985 start_va = 0x2090000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1986 start_va = 0x2250000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 1987 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1988 start_va = 0x2430000 end_va = 0x442ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 1989 start_va = 0x2190000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 1990 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1991 start_va = 0x2260000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 1992 start_va = 0x2420000 end_va = 0x242ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1993 start_va = 0x4430000 end_va = 0x4766fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1994 start_va = 0x6f1b0000 end_va = 0x703d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 1995 start_va = 0x77120000 end_va = 0x7720afff monitored = 0 entry_point = 0x7715d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1996 start_va = 0x2360000 end_va = 0x23f0fff monitored = 0 entry_point = 0x2398cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1997 start_va = 0x6f130000 end_va = 0x6f1a4fff monitored = 0 entry_point = 0x6f169a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1998 start_va = 0x8d0000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1999 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2000 start_va = 0x8d0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2001 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 2002 start_va = 0x6f0b0000 end_va = 0x6f12dfff monitored = 1 entry_point = 0x6f0b1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2003 start_va = 0x74510000 end_va = 0x745a1fff monitored = 0 entry_point = 0x74548cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2004 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 2005 start_va = 0x6e700000 end_va = 0x6f0abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 2006 start_va = 0x6e570000 end_va = 0x6e6fcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 2007 start_va = 0x6d910000 end_va = 0x6e568fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 2008 start_va = 0x8f0000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2009 start_va = 0x8f0000 end_va = 0x8f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2010 start_va = 0x2360000 end_va = 0x23eefff monitored = 0 entry_point = 0x236dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2011 start_va = 0x6d870000 end_va = 0x6d901fff monitored = 0 entry_point = 0x6d87dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2012 start_va = 0x4770000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2013 start_va = 0x900000 end_va = 0x900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2014 start_va = 0x2360000 end_va = 0x241bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 2015 start_va = 0x900000 end_va = 0x903fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2016 start_va = 0xac0000 end_va = 0xac3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 2017 start_va = 0x4950000 end_va = 0x4b5afff monitored = 0 entry_point = 0x49fb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2018 start_va = 0x6d660000 end_va = 0x6d86efff monitored = 0 entry_point = 0x6d70b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2019 start_va = 0xad0000 end_va = 0xad0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2020 start_va = 0xae0000 end_va = 0xae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 2021 start_va = 0x4770000 end_va = 0x47affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2022 start_va = 0x4940000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 2023 start_va = 0x6d640000 end_va = 0x6d65cfff monitored = 0 entry_point = 0x6d643b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2024 start_va = 0xad0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2025 start_va = 0xad0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2026 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 2027 start_va = 0x6d4d0000 end_va = 0x6d63afff monitored = 0 entry_point = 0x6d53e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 2028 start_va = 0x4950000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 2029 start_va = 0x47b0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2030 start_va = 0x47f0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 2031 start_va = 0x6d2d0000 end_va = 0x6d4c0fff monitored = 0 entry_point = 0x6d3b3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 2032 start_va = 0x76220000 end_va = 0x7633efff monitored = 0 entry_point = 0x76265980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2033 start_va = 0x48f0000 end_va = 0x4938fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 2034 start_va = 0xad0000 end_va = 0xad3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2035 start_va = 0x4b30000 end_va = 0x5b2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 2036 start_va = 0x2230000 end_va = 0x2233fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 2037 start_va = 0x4950000 end_va = 0x4a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 2038 start_va = 0x4b20000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 2039 start_va = 0x5b30000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 2040 start_va = 0x5c30000 end_va = 0x6121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c30000" filename = "" Region: id = 2041 start_va = 0x6130000 end_va = 0x716ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2042 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 2043 start_va = 0x4a50000 end_va = 0x4aebfff monitored = 1 entry_point = 0x4ade9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 2044 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 2045 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 2046 start_va = 0x2240000 end_va = 0x2246fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002240000" filename = "" Region: id = 2566 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2567 start_va = 0x47a0000 end_va = 0x47affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 2568 start_va = 0x7170000 end_va = 0x71affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007170000" filename = "" Region: id = 2569 start_va = 0x71b0000 end_va = 0x72affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071b0000" filename = "" Region: id = 2570 start_va = 0x72b0000 end_va = 0x72effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072b0000" filename = "" Region: id = 2571 start_va = 0x72f0000 end_va = 0x73effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072f0000" filename = "" Region: id = 2572 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2573 start_va = 0x73f0000 end_va = 0x7451fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2574 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2575 start_va = 0x7460000 end_va = 0x74dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007460000" filename = "" Region: id = 2576 start_va = 0x74e0000 end_va = 0x75dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074e0000" filename = "" Region: id = 2577 start_va = 0x6c3e0000 end_va = 0x6c552fff monitored = 0 entry_point = 0x6c48d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 2578 start_va = 0x75e0000 end_va = 0x7645fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075e0000" filename = "" Region: id = 2579 start_va = 0x4af0000 end_va = 0x4b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 2580 start_va = 0x4af0000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004af0000" filename = "" Region: id = 2581 start_va = 0x4b00000 end_va = 0x4b0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b00000" filename = "" Region: id = 2582 start_va = 0x4b10000 end_va = 0x4b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b10000" filename = "" Region: id = 2583 start_va = 0x7650000 end_va = 0x76b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007650000" filename = "" Region: id = 2584 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 2585 start_va = 0x4790000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 2586 start_va = 0x76c0000 end_va = 0x76cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076c0000" filename = "" Region: id = 2587 start_va = 0x76d0000 end_va = 0x76dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 2588 start_va = 0x76c0000 end_va = 0x76cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076c0000" filename = "" Region: id = 2589 start_va = 0x76d0000 end_va = 0x76dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 2590 start_va = 0x76e0000 end_va = 0x76effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076e0000" filename = "" Region: id = 2591 start_va = 0x76f0000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 2592 start_va = 0x7700000 end_va = 0x770ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 2593 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2594 start_va = 0x7720000 end_va = 0x772ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007720000" filename = "" Region: id = 2595 start_va = 0x7730000 end_va = 0x773ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007730000" filename = "" Region: id = 2596 start_va = 0x7740000 end_va = 0x774ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007740000" filename = "" Region: id = 2597 start_va = 0x7750000 end_va = 0x775ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007750000" filename = "" Region: id = 2598 start_va = 0x7760000 end_va = 0x776ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007760000" filename = "" Region: id = 2599 start_va = 0x7770000 end_va = 0x777ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007770000" filename = "" Region: id = 2600 start_va = 0x7780000 end_va = 0x778ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007780000" filename = "" Region: id = 2601 start_va = 0x7790000 end_va = 0x779ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007790000" filename = "" Region: id = 2602 start_va = 0x77a0000 end_va = 0x77affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077a0000" filename = "" Region: id = 2603 start_va = 0x77b0000 end_va = 0x77bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077b0000" filename = "" Region: id = 2604 start_va = 0x76c0000 end_va = 0x76cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076c0000" filename = "" Region: id = 2605 start_va = 0x76d0000 end_va = 0x76dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 2606 start_va = 0x76e0000 end_va = 0x76effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076e0000" filename = "" Region: id = 2607 start_va = 0x76f0000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076f0000" filename = "" Region: id = 2608 start_va = 0x7700000 end_va = 0x770ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 2609 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2610 start_va = 0x7720000 end_va = 0x772ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007720000" filename = "" Region: id = 2611 start_va = 0x7730000 end_va = 0x773ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007730000" filename = "" Region: id = 2612 start_va = 0x7740000 end_va = 0x774ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007740000" filename = "" Region: id = 2613 start_va = 0x7750000 end_va = 0x775ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007750000" filename = "" Region: id = 2614 start_va = 0x7760000 end_va = 0x776ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007760000" filename = "" Region: id = 2615 start_va = 0x7770000 end_va = 0x777ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007770000" filename = "" Region: id = 2616 start_va = 0x7780000 end_va = 0x778ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007780000" filename = "" Region: id = 2617 start_va = 0x7790000 end_va = 0x779ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007790000" filename = "" Region: id = 2618 start_va = 0x76c0000 end_va = 0x76cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076c0000" filename = "" Region: id = 2619 start_va = 0x76d0000 end_va = 0x76dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 2620 start_va = 0x76d0000 end_va = 0x7709fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000076d0000" filename = "" Region: id = 2621 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2622 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2623 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2624 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2625 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2626 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2627 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2628 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2629 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2630 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2631 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2632 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2633 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2634 start_va = 0x7710000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2635 start_va = 0x7720000 end_va = 0x772ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007720000" filename = "" Region: id = 2636 start_va = 0x7710000 end_va = 0x774ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 2637 start_va = 0x7750000 end_va = 0x784ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007750000" filename = "" Region: id = 2638 start_va = 0x7850000 end_va = 0x785ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007850000" filename = "" Region: id = 2639 start_va = 0x747c0000 end_va = 0x75bbefff monitored = 0 entry_point = 0x7497b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2640 start_va = 0x75bc0000 end_va = 0x75bf6fff monitored = 0 entry_point = 0x75bc3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2641 start_va = 0x76b80000 end_va = 0x77078fff monitored = 0 entry_point = 0x76d87610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 2642 start_va = 0x76af0000 end_va = 0x76b7cfff monitored = 0 entry_point = 0x76b39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 2643 start_va = 0x77530000 end_va = 0x77573fff monitored = 0 entry_point = 0x77537410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 2644 start_va = 0x76350000 end_va = 0x7635efff monitored = 0 entry_point = 0x76352e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2645 start_va = 0x7850000 end_va = 0x7850fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007850000" filename = "" Region: id = 2646 start_va = 0x7860000 end_va = 0x786ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007860000" filename = "" Region: id = 2647 start_va = 0x7860000 end_va = 0x786ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007860000" filename = "" Region: id = 2648 start_va = 0x7870000 end_va = 0x796ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007870000" filename = "" Region: id = 2649 start_va = 0x72480000 end_va = 0x725cafff monitored = 0 entry_point = 0x724e1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2650 start_va = 0x7970000 end_va = 0x79affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007970000" filename = "" Region: id = 2651 start_va = 0x79b0000 end_va = 0x7aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079b0000" filename = "" Region: id = 2652 start_va = 0x7ab0000 end_va = 0x7ab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ab0000" filename = "" Region: id = 2653 start_va = 0x74610000 end_va = 0x74693fff monitored = 0 entry_point = 0x74636220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2654 start_va = 0x73d10000 end_va = 0x73f2bfff monitored = 0 entry_point = 0x73edbc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 2655 start_va = 0x7ac0000 end_va = 0x7ac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007ac0000" filename = "" Region: id = 2656 start_va = 0x7ad0000 end_va = 0x7b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ad0000" filename = "" Region: id = 2657 start_va = 0x7b10000 end_va = 0x7c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b10000" filename = "" Region: id = 2658 start_va = 0x7c10000 end_va = 0x7c13fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2659 start_va = 0x7c20000 end_va = 0x7c64fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 2660 start_va = 0x7c70000 end_va = 0x7caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c70000" filename = "" Region: id = 2661 start_va = 0x7cb0000 end_va = 0x7daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cb0000" filename = "" Region: id = 2662 start_va = 0x7db0000 end_va = 0x7db3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2663 start_va = 0x7dc0000 end_va = 0x7e4dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2664 start_va = 0x7e50000 end_va = 0x7e51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e50000" filename = "" Region: id = 2665 start_va = 0x7e60000 end_va = 0x7e60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e60000" filename = "" Region: id = 2666 start_va = 0x7e70000 end_va = 0x826afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007e70000" filename = "" Region: id = 2667 start_va = 0x8270000 end_va = 0x8273fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2668 start_va = 0x8280000 end_va = 0x8292fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 2669 start_va = 0x82a0000 end_va = 0x82a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000082a0000" filename = "" Region: id = 2670 start_va = 0x6ce20000 end_va = 0x6cf9dfff monitored = 0 entry_point = 0x6ce9c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2671 start_va = 0x71f90000 end_va = 0x7225afff monitored = 0 entry_point = 0x721cc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2672 start_va = 0x8270000 end_va = 0x8270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008270000" filename = "" Region: id = 2691 start_va = 0x82b0000 end_va = 0x82bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082b0000" filename = "" Region: id = 2692 start_va = 0x82c0000 end_va = 0x82cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082c0000" filename = "" Region: id = 2693 start_va = 0x82d0000 end_va = 0x82dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082d0000" filename = "" Region: id = 2765 start_va = 0x82b0000 end_va = 0x82effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082b0000" filename = "" Region: id = 2766 start_va = 0x82f0000 end_va = 0x83effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082f0000" filename = "" Region: id = 2770 start_va = 0x83f0000 end_va = 0x842ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083f0000" filename = "" Region: id = 2771 start_va = 0x8430000 end_va = 0x852ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008430000" filename = "" Thread: id = 177 os_tid = 0xd14 [0236.135] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0236.446] RoInitialize () returned 0x1 [0236.446] RoUninitialize () returned 0x0 [0237.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0237.843] IsAppThemed () returned 0x1 [0237.846] CoTaskMemAlloc (cb=0xf0) returned 0x720ef0 [0237.852] CreateActCtxA (pActCtx=0x19f414) returned 0x7210e4 [0237.976] CoTaskMemFree (pv=0x720ef0) [0237.988] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc12e [0237.989] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc12c [0238.007] GetSystemMetrics (nIndex=75) returned 1 [0238.012] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0238.083] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6d870000 [0238.200] AdjustWindowRectEx (in: lpRect=0x19f470, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f470) returned 1 [0238.204] GetCurrentProcess () returned 0xffffffff [0238.204] GetCurrentThread () returned 0xfffffffe [0238.204] GetCurrentProcess () returned 0xffffffff [0238.204] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f388, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f388*=0x264) returned 1 [0238.207] GetCurrentThreadId () returned 0xd14 [0238.259] GetCurrentActCtx (in: lphActCtx=0x19f2e8 | out: lphActCtx=0x19f2e8*=0x0) returned 1 [0238.267] ActivateActCtx (in: hActCtx=0x7210e4, lpCookie=0x19f2f8 | out: hActCtx=0x7210e4, lpCookie=0x19f2f8) returned 1 [0238.267] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0238.279] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6d660000 [0238.389] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773e0000 [0238.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f1b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW°m\x1f¹ÿ/ «Nphö\x19", lpUsedDefaultChar=0x0) returned 14 [0238.390] GetProcAddress (hModule=0x773e0000, lpProcName="DefWindowProcW") returned 0x743b07e0 [0238.391] GetStockObject (i=5) returned 0x1900015 [0238.413] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0238.418] CoTaskMemAlloc (cb=0x5c) returned 0x721310 [0238.418] RegisterClassW (lpWndClass=0x19f1a0) returned 0xc14e [0238.418] CoTaskMemFree (pv=0x721310) [0238.419] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0238.419] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30042 [0238.427] SetWindowLongW (hWnd=0x30042, nIndex=-4, dwNewLong=1950025696) returned 75105726 [0238.435] GetWindowLongW (hWnd=0x30042, nIndex=-4) returned 1950025696 [0238.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9fc | out: phkResult=0x19e9fc*=0x288) returned 0x0 [0238.441] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ea1c, lpData=0x0, lpcbData=0x19ea18*=0x0 | out: lpType=0x19ea1c*=0x0, lpData=0x0, lpcbData=0x19ea18*=0x0) returned 0x2 [0238.441] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ea1c, lpData=0x0, lpcbData=0x19ea18*=0x0 | out: lpType=0x19ea1c*=0x0, lpData=0x0, lpcbData=0x19ea18*=0x0) returned 0x2 [0238.441] RegCloseKey (hKey=0x288) returned 0x0 [0238.443] SetWindowLongW (hWnd=0x30042, nIndex=-4, dwNewLong=75105766) returned 1950025696 [0238.443] GetWindowLongW (hWnd=0x30042, nIndex=-4) returned 75105766 [0238.443] GetWindowLongW (hWnd=0x30042, nIndex=-16) returned 113311744 [0238.444] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc14f [0238.445] CallWindowProcW (lpPrevWndFunc=0x743b07e0, hWnd=0x30042, Msg=0x24, wParam=0x0, lParam=0x19ed14) returned 0x0 [0238.445] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc150 [0238.446] CallWindowProcW (lpPrevWndFunc=0x743b07e0, hWnd=0x30042, Msg=0x81, wParam=0x0, lParam=0x19ed08) returned 0x1 [0238.446] CallWindowProcW (lpPrevWndFunc=0x743b07e0, hWnd=0x30042, Msg=0x83, wParam=0x0, lParam=0x19ecf4) returned 0x0 [0238.462] CallWindowProcW (lpPrevWndFunc=0x743b07e0, hWnd=0x30042, Msg=0x1, wParam=0x0, lParam=0x19ed08) returned 0x0 [0238.463] GetClientRect (in: hWnd=0x30042, lpRect=0x19ea34 | out: lpRect=0x19ea34) returned 1 [0238.463] GetWindowRect (in: hWnd=0x30042, lpRect=0x19ea34 | out: lpRect=0x19ea34) returned 1 [0238.465] GetParent (hWnd=0x30042) returned 0x0 [0238.465] DeactivateActCtx (dwFlags=0x0, ulCookie=0x113f0001) returned 1 [0238.613] GetSystemDefaultLCID () returned 0x409 [0238.613] GetStockObject (i=17) returned 0x10a0047 [0238.615] GetObjectW (in: h=0x10a0047, c=92, pv=0x19f1f0 | out: pv=0x19f1f0) returned 92 [0238.616] GetDC (hWnd=0x0) returned 0x6010190 [0238.690] GdiplusStartup (in: token=0x5263f8, input=0x19e7b8, output=0x19e808 | out: token=0x5263f8, output=0x19e808) returned 0x0 [0238.721] CoTaskMemAlloc (cb=0x5c) returned 0x721310 [0238.722] GdipCreateFontFromLogfontW (hdc=0x6010190, logfont=0x721310, font=0x19f2b8) returned 0x0 [0239.155] CoTaskMemFree (pv=0x721310) [0239.156] CoTaskMemAlloc (cb=0x5c) returned 0x721310 [0239.157] CoTaskMemFree (pv=0x721310) [0239.157] CoTaskMemAlloc (cb=0x5c) returned 0x721310 [0239.157] CoTaskMemFree (pv=0x721310) [0239.157] GdipGetFontUnit (font=0x4b21f08, unit=0x19f284) returned 0x0 [0239.157] GdipGetFontSize (font=0x4b21f08, size=0x19f288) returned 0x0 [0239.157] GdipGetFontStyle (font=0x4b21f08, style=0x19f280) returned 0x0 [0239.158] GdipGetFamily (font=0x4b21f08, family=0x19f27c) returned 0x0 [0239.158] GdipGetFontSize (font=0x4b21f08, size=0x24496b0) returned 0x0 [0239.158] ReleaseDC (hWnd=0x0, hDC=0x6010190) returned 1 [0239.158] GetDC (hWnd=0x0) returned 0x6010190 [0239.159] GdipCreateFromHDC (hdc=0x6010190, graphics=0x19f2a4) returned 0x0 [0239.173] GdipGetDpiY (graphics=0x5b3f268, dpi=0x24497b8) returned 0x0 [0239.173] GdipGetFontHeight (font=0x4b21f08, graphics=0x5b3f268, height=0x19f29c) returned 0x0 [0239.174] GdipGetEmHeight (family=0x5b34c98, style=0, EmHeight=0x19f2a4) returned 0x0 [0239.174] GdipGetLineSpacing (family=0x5b34c98, style=0, LineSpacing=0x19f2a4) returned 0x0 [0239.174] GdipDeleteGraphics (graphics=0x5b3f268) returned 0x0 [0239.175] ReleaseDC (hWnd=0x0, hDC=0x6010190) returned 1 [0239.176] GdipCreateFont (fontFamily=0x5b34c98, emSize=0x41040000, style=0, unit=0x3, font=0x2449778) returned 0x0 [0239.176] GdipGetFontSize (font=0x4b2efc0, size=0x244977c) returned 0x0 [0239.176] GdipDeleteFont (font=0x4b21f08) returned 0x0 [0239.176] GetDC (hWnd=0x0) returned 0x6010190 [0239.176] GdipCreateFromHDC (hdc=0x6010190, graphics=0x19f308) returned 0x0 [0239.176] GdipGetFontHeight (font=0x4b2efc0, graphics=0x5b3f268, height=0x19f300) returned 0x0 [0239.176] GdipDeleteGraphics (graphics=0x5b3f268) returned 0x0 [0239.176] ReleaseDC (hWnd=0x0, hDC=0x6010190) returned 1 [0239.178] GetSystemMetrics (nIndex=5) returned 1 [0239.178] GetSystemMetrics (nIndex=6) returned 1 [0239.178] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.179] AdjustWindowRectEx (in: lpRect=0x19f430, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f430) returned 1 [0239.179] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.180] AdjustWindowRectEx (in: lpRect=0x19f430, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f430) returned 1 [0239.181] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.181] AdjustWindowRectEx (in: lpRect=0x19f434, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f434) returned 1 [0239.181] GetSystemMetrics (nIndex=5) returned 1 [0239.181] GetSystemMetrics (nIndex=6) returned 1 [0239.182] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.182] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f394) returned 1 [0239.184] GetSystemMetrics (nIndex=5) returned 1 [0239.184] GetSystemMetrics (nIndex=6) returned 1 [0239.184] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.184] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19f394) returned 1 [0239.186] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.186] AdjustWindowRectEx (in: lpRect=0x19f3c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f3c0) returned 1 [0239.205] GetProcessWindowStation () returned 0xf0 [0239.207] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x244a3c0, nLength=0xc, lpnLengthNeeded=0x19f29c | out: pvInfo=0x244a3c0, lpnLengthNeeded=0x19f29c) returned 1 [0239.217] SetConsoleCtrlHandler (HandlerRoutine=0x47a060e, Add=1) returned 1 [0239.217] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0239.218] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0239.219] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x244a424 | out: lpWndClass=0x244a424) returned 0 [0239.220] CoTaskMemAlloc (cb=0x58) returned 0x71e780 [0239.220] RegisterClassW (lpWndClass=0x19f1ec) returned 0xc152 [0239.220] CoTaskMemFree (pv=0x71e780) [0239.221] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30028 [0239.222] NtdllDefWindowProc_W (hWnd=0x30028, Msg=0x81, wParam=0x0, lParam=0x19ed28) returned 0x1 [0239.225] NtdllDefWindowProc_W (hWnd=0x30028, Msg=0x83, wParam=0x0, lParam=0x19ed14) returned 0x0 [0239.225] NtdllDefWindowProc_W (hWnd=0x30028, Msg=0x1, wParam=0x0, lParam=0x19ed28) returned 0x0 [0239.226] NtdllDefWindowProc_W (hWnd=0x30028, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0239.226] NtdllDefWindowProc_W (hWnd=0x30028, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0239.231] GetSysColor (nIndex=10) returned 0xb4b4b4 [0239.231] GetSysColor (nIndex=2) returned 0xd1b499 [0239.231] GetSysColor (nIndex=9) returned 0x0 [0239.231] GetSysColor (nIndex=12) returned 0xababab [0239.231] GetSysColor (nIndex=15) returned 0xf0f0f0 [0239.231] GetSysColor (nIndex=20) returned 0xffffff [0239.231] GetSysColor (nIndex=16) returned 0xa0a0a0 [0239.232] GetSysColor (nIndex=15) returned 0xf0f0f0 [0239.232] GetSysColor (nIndex=16) returned 0xa0a0a0 [0239.232] GetSysColor (nIndex=21) returned 0x696969 [0239.232] GetSysColor (nIndex=22) returned 0xe3e3e3 [0239.232] GetSysColor (nIndex=20) returned 0xffffff [0239.232] GetSysColor (nIndex=18) returned 0x0 [0239.232] GetSysColor (nIndex=1) returned 0x0 [0239.232] GetSysColor (nIndex=27) returned 0xead1b9 [0239.232] GetSysColor (nIndex=28) returned 0xf2e4d7 [0239.232] GetSysColor (nIndex=17) returned 0x6d6d6d [0239.232] GetSysColor (nIndex=13) returned 0xff9933 [0239.232] GetSysColor (nIndex=14) returned 0xffffff [0239.232] GetSysColor (nIndex=26) returned 0xcc6600 [0239.232] GetSysColor (nIndex=11) returned 0xfcf7f4 [0239.232] GetSysColor (nIndex=3) returned 0xdbcdbf [0239.232] GetSysColor (nIndex=19) returned 0x0 [0239.232] GetSysColor (nIndex=24) returned 0xe1ffff [0239.232] GetSysColor (nIndex=23) returned 0x0 [0239.233] GetSysColor (nIndex=4) returned 0xf0f0f0 [0239.233] GetSysColor (nIndex=30) returned 0xf0f0f0 [0239.233] GetSysColor (nIndex=29) returned 0xff9933 [0239.233] GetSysColor (nIndex=7) returned 0x0 [0239.233] GetSysColor (nIndex=0) returned 0xc8c8c8 [0239.233] GetSysColor (nIndex=5) returned 0xffffff [0239.233] GetSysColor (nIndex=6) returned 0x646464 [0239.233] GetSysColor (nIndex=8) returned 0x0 [0239.233] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.233] AdjustWindowRectEx (in: lpRect=0x19f3c0, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f3c0) returned 1 [0239.237] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.237] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f394) returned 1 [0239.237] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.237] AdjustWindowRectEx (in: lpRect=0x19f394, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f394) returned 1 [0239.239] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.239] AdjustWindowRectEx (in: lpRect=0x19f400, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f400) returned 1 [0239.239] GetSystemMetrics (nIndex=59) returned 1456 [0239.239] GetSystemMetrics (nIndex=60) returned 916 [0239.239] GetSystemMetrics (nIndex=34) returned 136 [0239.239] GetSystemMetrics (nIndex=35) returned 39 [0239.240] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.240] AdjustWindowRectEx (in: lpRect=0x19f300, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19f300) returned 1 [0239.240] GetCurrentThreadId () returned 0xd14 [0239.240] GetCurrentThreadId () returned 0xd14 [0239.242] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.242] AdjustWindowRectEx (in: lpRect=0x19f1f0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f1f0) returned 1 [0239.248] GdipGetFamilyName (in: family=0x5b34c98, name=0x19f0e0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0 [0239.249] CreateCompatibleDC (hdc=0x0) returned 0x37010546 [0239.250] GetCurrentObject (hdc=0x37010546, type=0x1) returned 0x1b00017 [0239.250] GetCurrentObject (hdc=0x37010546, type=0x2) returned 0x1900010 [0239.250] GetCurrentObject (hdc=0x37010546, type=0x7) returned 0x185000f [0239.250] GetCurrentObject (hdc=0x37010546, type=0x6) returned 0x18a0048 [0239.251] SaveDC (hdc=0x37010546) returned 1 [0239.251] GetDeviceCaps (hdc=0x37010546, index=90) returned 96 [0239.252] CoTaskMemAlloc (cb=0x5c) returned 0x721310 [0239.252] CreateFontIndirectW (lplf=0x721310) returned 0x30a0697 [0239.252] CoTaskMemFree (pv=0x721310) [0239.252] GetObjectW (in: h=0x30a0697, c=92, pv=0x19f0b8 | out: pv=0x19f0b8) returned 92 [0239.253] GetCurrentObject (hdc=0x37010546, type=0x6) returned 0x18a0048 [0239.253] GetObjectW (in: h=0x18a0048, c=92, pv=0x19f010 | out: pv=0x19f010) returned 92 [0239.253] SelectObject (hdc=0x37010546, h=0x30a0697) returned 0x18a0048 [0239.253] GetMapMode (hdc=0x37010546) returned 1 [0239.253] GetTextMetricsW (in: hdc=0x37010546, lptm=0x19f0c4 | out: lptm=0x19f0c4) returned 1 [0239.280] DrawTextExW (in: hdc=0x37010546, lpchText="웹 페이지에 나와있는 7자리 숫자를 입력 해주세요.", cchText=28, lprc=0x19f1d8, format=0x2400, lpdtp=0x244afc0 | out: lpchText="웹 페이지에 나와있는 7자리 숫자를 입력 해주세요.", lprc=0x19f1d8) returned 13 [0239.433] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d870000 [0239.433] AdjustWindowRectEx (in: lpRect=0x19f2c4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19f2c4) returned 1 [0270.163] EtwEventRegister (in: ProviderId=0x252c474, EnableCallback=0x47a065e, CallbackContext=0x0, RegHandle=0x252c450 | out: RegHandle=0x252c450) returned 0x0 [0270.165] EtwEventSetInformation (RegHandle=0x727e38, InformationClass=0x2c, EventInformation=0x2, InformationLength=0x252c3e4) returned 0x0 [0270.171] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", nBufferLength=0x105, lpBuffer=0x19e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", lpFilePart=0x0) returned 0x40 [0270.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ec70) returned 1 [0270.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19ecec | out: lpFileInformation=0x19ecec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0270.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ec6c) returned 1 [0270.368] GdipLoadImageFromStream (stream=0x4770030, image=0x19e960) returned 0x0 [0270.448] GdipImageForceValidation (image=0x5b3f268) returned 0x0 [0270.458] GdipGetImageType (image=0x5b3f268, type=0x19e95c) returned 0x0 [0270.458] GdipGetImageRawFormat (image=0x5b3f268, format=0x19e8dc*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0270.483] GdipGetImageWidth (image=0x5b3f268, width=0x19eeb8) returned 0x0 [0270.485] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.486] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.486] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=0, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=1, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=2, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=3, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=4, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=5, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=6, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.490] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.490] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=7, color=0x19eea4) returned 0x0 [0270.490] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=8, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=9, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=10, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=11, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=12, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=13, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.491] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.491] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=14, color=0x19eea4) returned 0x0 [0270.491] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=15, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=16, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=17, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=18, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=19, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.492] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.492] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=20, color=0x19eea4) returned 0x0 [0270.492] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=21, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=22, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=23, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=24, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=25, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=26, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.493] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=27, color=0x19eea4) returned 0x0 [0270.493] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.493] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=28, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=29, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=30, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=31, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=32, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=33, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=34, color=0x19eea4) returned 0x0 [0270.494] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.494] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.494] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=35, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=36, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=37, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=38, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=39, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=40, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=41, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.495] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.495] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=42, color=0x19eea4) returned 0x0 [0270.495] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=43, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=44, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=45, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=46, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=47, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=48, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.496] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.496] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=49, color=0x19eea4) returned 0x0 [0270.496] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=50, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=51, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=52, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=53, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=54, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=55, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.497] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=56, color=0x19eea4) returned 0x0 [0270.497] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.497] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=57, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=58, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=59, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=60, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=61, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=62, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=63, color=0x19eea4) returned 0x0 [0270.498] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.498] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.498] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=64, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=65, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=66, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=67, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=68, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=69, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=70, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.499] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.499] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=71, color=0x19eea4) returned 0x0 [0270.499] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=72, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=73, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=74, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=75, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=76, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=77, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.500] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=78, color=0x19eea4) returned 0x0 [0270.500] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.500] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=79, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=80, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=81, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=82, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=83, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=84, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=85, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=86, color=0x19eea4) returned 0x0 [0270.501] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.501] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.501] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=87, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=88, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=89, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=90, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=91, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=92, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=93, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=94, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.502] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=95, color=0x19eea4) returned 0x0 [0270.502] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.502] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=96, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=97, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=98, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=99, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=100, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=101, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=102, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=103, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.503] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.503] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=104, color=0x19eea4) returned 0x0 [0270.503] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=105, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=106, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=107, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=108, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=109, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=110, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=111, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=112, color=0x19eea4) returned 0x0 [0270.504] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.504] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.504] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=113, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=114, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=115, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=116, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=117, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=118, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=119, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=120, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=121, color=0x19eea4) returned 0x0 [0270.505] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.505] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.505] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=122, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=123, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=124, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=125, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=126, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=127, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=128, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=129, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=130, color=0x19eea4) returned 0x0 [0270.506] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.506] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.506] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=131, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=132, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=133, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=134, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=135, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=136, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=137, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=138, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.507] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=139, color=0x19eea4) returned 0x0 [0270.507] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.507] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=140, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=141, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=142, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=143, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=144, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=145, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=146, color=0x19eea4) returned 0x0 [0270.508] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.508] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.508] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=147, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=148, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=149, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=150, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=151, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=152, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=153, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=154, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=155, color=0x19eea4) returned 0x0 [0270.509] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.509] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.509] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=156, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=157, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=158, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=159, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=160, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=161, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=162, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=163, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=164, color=0x19eea4) returned 0x0 [0270.510] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.510] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.510] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=165, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=166, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=167, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=168, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=169, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=170, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=171, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=172, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=173, color=0x19eea4) returned 0x0 [0270.511] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.511] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.511] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=174, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=175, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=176, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=177, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=178, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=179, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=180, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=181, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=182, color=0x19eea4) returned 0x0 [0270.512] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.512] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.512] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=183, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=184, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=185, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=186, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=187, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=188, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=189, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=190, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=191, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.513] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.513] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=192, color=0x19eea4) returned 0x0 [0270.513] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=193, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=194, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=195, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=196, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=197, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=198, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=199, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=200, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.514] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.514] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=201, color=0x19eea4) returned 0x0 [0270.514] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=202, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=203, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=204, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=205, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=206, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=207, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=208, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=209, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.515] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.515] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=210, color=0x19eea4) returned 0x0 [0270.515] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=211, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=212, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=213, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=214, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=215, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=216, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=217, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=218, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.516] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.516] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=219, color=0x19eea4) returned 0x0 [0270.516] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=220, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=221, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=222, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=223, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=224, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=225, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=226, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=227, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.517] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.517] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=228, color=0x19eea4) returned 0x0 [0270.517] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=229, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=230, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=231, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=232, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=233, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=234, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=235, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=236, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.518] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=237, color=0x19eea4) returned 0x0 [0270.518] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.518] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=238, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=239, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=240, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=241, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=242, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=243, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=244, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=245, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.519] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=246, color=0x19eea4) returned 0x0 [0270.519] GdipGetImageWidth (image=0x5b3f268, width=0x19ee94) returned 0x0 [0270.519] GdipGetImageHeight (image=0x5b3f268, height=0x19ee94) returned 0x0 [0270.520] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=247, color=0x19eea4) returned 0x0 [0270.520] GdipBitmapGetPixel (bitmap=0x5b3f268, x=0, y=248, color=0x19eea4) returned 0x0 [0271.242] CoTaskMemAlloc (cb=0xd) returned 0x73b728 [0271.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x246516c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.244] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.244] CoTaskMemFree (pv=0x73b728) [0271.250] CoTaskMemAlloc (cb=0x11) returned 0x7176a0 [0271.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x24651a4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0271.251] GetProcAddress (hModule=0x765a0000, lpProcName="ResumeThread") returned 0x765ba800 [0271.252] CoTaskMemFree (pv=0x7176a0) [0271.259] CoTaskMemAlloc (cb=0xd) returned 0x73b758 [0271.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x246527c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.259] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.260] CoTaskMemFree (pv=0x73b758) [0271.260] CoTaskMemAlloc (cb=0x1a) returned 0x73c040 [0271.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x24652b4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0271.260] GetProcAddress (hModule=0x765a0000, lpProcName="Wow64SetThreadContext") returned 0x765e3e60 [0271.260] CoTaskMemFree (pv=0x73c040) [0271.270] CoTaskMemAlloc (cb=0xd) returned 0x73b698 [0271.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465380, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.270] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.270] CoTaskMemFree (pv=0x73b698) [0271.270] CoTaskMemAlloc (cb=0x15) returned 0x717560 [0271.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x24653b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0271.270] GetProcAddress (hModule=0x765a0000, lpProcName="SetThreadContext") returned 0x765e2490 [0271.270] CoTaskMemFree (pv=0x717560) [0271.273] CoTaskMemAlloc (cb=0xd) returned 0x73b698 [0271.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465480, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.273] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.273] CoTaskMemFree (pv=0x73b698) [0271.273] CoTaskMemAlloc (cb=0x1a) returned 0x73c248 [0271.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x24654b8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0271.273] GetProcAddress (hModule=0x765a0000, lpProcName="Wow64GetThreadContext") returned 0x765e3e30 [0271.273] CoTaskMemFree (pv=0x73c248) [0271.276] CoTaskMemAlloc (cb=0xd) returned 0x73b698 [0271.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465584, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.276] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.276] CoTaskMemFree (pv=0x73b698) [0271.276] CoTaskMemAlloc (cb=0x15) returned 0x7176a0 [0271.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x24655bc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0271.276] GetProcAddress (hModule=0x765a0000, lpProcName="GetThreadContext") returned 0x765bec60 [0271.276] CoTaskMemFree (pv=0x7176a0) [0271.279] CoTaskMemAlloc (cb=0xd) returned 0x73b6f8 [0271.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465678, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.279] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.279] CoTaskMemFree (pv=0x73b6f8) [0271.279] CoTaskMemAlloc (cb=0x13) returned 0x717560 [0271.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x24656b0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0271.279] GetProcAddress (hModule=0x765a0000, lpProcName="VirtualAllocEx") returned 0x765e2730 [0271.279] CoTaskMemFree (pv=0x717560) [0271.284] CoTaskMemAlloc (cb=0xd) returned 0x73b668 [0271.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x246576c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.284] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.284] CoTaskMemFree (pv=0x73b668) [0271.284] CoTaskMemAlloc (cb=0x17) returned 0x717780 [0271.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x24657a4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0271.285] GetProcAddress (hModule=0x765a0000, lpProcName="WriteProcessMemory") returned 0x765e2850 [0271.285] CoTaskMemFree (pv=0x717780) [0271.291] CoTaskMemAlloc (cb=0xd) returned 0x73b7b8 [0271.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465868, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.291] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.291] CoTaskMemFree (pv=0x73b7b8) [0271.291] CoTaskMemAlloc (cb=0x16) returned 0x717600 [0271.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x24658a0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0271.291] GetProcAddress (hModule=0x765a0000, lpProcName="ReadProcessMemory") returned 0x765e1c80 [0271.291] CoTaskMemFree (pv=0x717600) [0271.296] CoTaskMemAlloc (cb=0xa) returned 0x73b890 [0271.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2465960, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0271.296] LoadLibraryA (lpLibFileName="ntdll") returned 0x77700000 [0271.296] CoTaskMemFree (pv=0x73b890) [0271.296] CoTaskMemAlloc (cb=0x19) returned 0x73c040 [0271.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x246598c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0271.296] GetProcAddress (hModule=0x77700000, lpProcName="ZwUnmapViewOfSection") returned 0x77776f40 [0271.296] CoTaskMemFree (pv=0x73c040) [0271.300] CoTaskMemAlloc (cb=0xd) returned 0x73b788 [0271.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2465a54, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0271.301] LoadLibraryA (lpLibFileName="kernel32") returned 0x765a0000 [0271.301] CoTaskMemFree (pv=0x73b788) [0271.301] CoTaskMemAlloc (cb=0x13) returned 0x717620 [0271.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2465a8c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0271.301] GetProcAddress (hModule=0x765a0000, lpProcName="CreateProcessA") returned 0x765e0750 [0271.301] CoTaskMemFree (pv=0x717620) [0271.333] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", nBufferLength=0x105, lpBuffer=0x19e4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpFilePart=0x0) returned 0x39 [0271.338] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="mLNPTFHTEO") returned 0x0 [0271.364] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="mLNPTFHTEO") returned 0x2d4 [0271.471] CoTaskMemAlloc (cb=0x20c) returned 0x753090 [0271.472] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x753090 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0271.476] CoTaskMemFree (pv=0x753090) [0271.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0271.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", nBufferLength=0x105, lpBuffer=0x19e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe", lpFilePart=0x0) returned 0x37 [0271.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e9b4) returned 1 [0271.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xlpVvRzhctudF.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xlpvvrzhctudf.exe"), fInfoLevelId=0x0, lpFileInformation=0x19ea30 | out: lpFileInformation=0x19ea30*(dwFileAttributes=0x2027, ftCreationTime.dwLowDateTime=0x41aef6ad, ftCreationTime.dwHighDateTime=0x1d7b3d4, ftLastAccessTime.dwLowDateTime=0x41aef6ad, ftLastAccessTime.dwHighDateTime=0x1d7b3d4, ftLastWriteTime.dwLowDateTime=0x3763c900, ftLastWriteTime.dwHighDateTime=0x1d7b3c3, nFileSizeHigh=0x0, nFileSizeLow=0xb4200)) returned 1 [0271.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e9b0) returned 1 [0271.586] GetCurrentProcess () returned 0xffffffff [0271.586] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e93c | out: TokenHandle=0x19e93c*=0x36c) returned 1 [0271.589] GetCurrentProcess () returned 0xffffffff [0271.589] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e90c | out: TokenHandle=0x19e90c*=0x360) returned 1 [0271.591] GetTokenInformation (in: TokenHandle=0x36c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e940 | out: TokenInformation=0x0, ReturnLength=0x19e940) returned 0 [0271.591] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x75b420 [0271.591] GetTokenInformation (in: TokenHandle=0x36c, TokenInformationClass=0x1, TokenInformation=0x75b420, TokenInformationLength=0x24, ReturnLength=0x19e940 | out: TokenInformation=0x75b420, ReturnLength=0x19e940) returned 1 [0271.593] LocalFree (hMem=0x75b420) returned 0x0 [0271.598] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e860, DesiredAccess=0x800, PolicyHandle=0x19e820 | out: PolicyHandle=0x19e820) returned 0x0 [0271.599] LsaLookupSids (in: PolicyHandle=0x717620, Count=0x1, Sids=0x2485978*=0x24858e4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19e83c, Names=0x19e830 | out: ReferencedDomains=0x19e83c, Names=0x19e830) returned 0x0 [0271.601] LsaClose (ObjectHandle=0x717620) returned 0x0 [0271.602] LsaFreeMemory (Buffer=0x755c68) returned 0x0 [0271.602] LsaFreeMemory (Buffer=0x71f6c8) returned 0x0 [0271.604] CoTaskMemAlloc (cb=0x20c) returned 0x77b6b0 [0271.604] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x77b6b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0271.604] CoTaskMemFree (pv=0x77b6b0) [0271.605] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19e47c, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0271.605] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0271.605] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0271.606] CoTaskMemAlloc (cb=0x20c) returned 0x77b6b0 [0271.606] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x77b6b0 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp433e.tmp")) returned 0x433e [0271.628] CoTaskMemFree (pv=0x77b6b0) [0271.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", nBufferLength=0x105, lpBuffer=0x19e334, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", lpFilePart=0x0) returned 0x34 [0271.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e828) returned 1 [0271.637] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp433e.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x374 [0271.637] GetFileType (hFile=0x374) returned 0x1 [0271.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e824) returned 1 [0271.637] GetFileType (hFile=0x374) returned 0x1 [0271.638] WriteFile (in: hFile=0x374, lpBuffer=0x2489ae8*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x19e8c0, lpOverlapped=0x0 | out: lpBuffer=0x2489ae8*, lpNumberOfBytesWritten=0x19e8c0*=0x66f, lpOverlapped=0x0) returned 1 [0271.640] CloseHandle (hObject=0x374) returned 1 [0271.655] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x752830 [0271.655] LocalAlloc (uFlags=0x0, uBytes=0xc0) returned 0x751390 [0271.657] ShellExecuteExW (in: pExecInfo=0x248ae7c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x248ae7c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4a0)) returned 1 [0272.089] LocalFree (hMem=0x752830) returned 0x0 [0272.089] LocalFree (hMem=0x751390) returned 0x0 [0272.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", nBufferLength=0x105, lpBuffer=0x19e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", lpFilePart=0x0) returned 0x34 [0272.091] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp433e.tmp")) returned 1 [0272.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", cchWideChar=57, lpMultiByteStr=0x19e65c, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe?l\x07\x1f¹ÿ/ «Np|î\x19", lpUsedDefaultChar=0x0) returned 57 [0272.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19e658, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$@l\x07C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpUsedDefaultChar=0x0) returned 0 [0272.176] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e6f4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e9fc | out: lpCommandLine="", lpProcessInformation=0x19e9fc*(hProcess=0x424, hThread=0x428, dwProcessId=0xea8, dwThreadId=0xeac)) returned 1 [0272.192] CoTaskMemFree (pv=0x0) [0272.197] GetThreadContext (in: hThread=0x428, lpContext=0x248afb0 | out: lpContext=0x248afb0*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x30a000, Edx=0x0, Ecx=0x0, Eax=0x4a4d76, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0272.236] ReadProcessMemory (in: hProcess=0x424, lpBaseAddress=0x30a008, lpBuffer=0x19e9ec, nSize=0x4, lpNumberOfBytesRead=0x19ea30 | out: lpBuffer=0x19e9ec*, lpNumberOfBytesRead=0x19ea30*=0x4) returned 1 [0272.237] NtUnmapViewOfSection (ProcessHandle=0x424, BaseAddress=0x400000) returned 0x0 [0272.238] VirtualAllocEx (hProcess=0x424, lpAddress=0x400000, dwSize=0x3c000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0272.240] WriteProcessMemory (in: hProcess=0x424, lpBaseAddress=0x400000, lpBuffer=0x3505f50*, nSize=0x200, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x3505f50*, lpNumberOfBytesWritten=0x19ea30*=0x200) returned 1 [0272.249] WriteProcessMemory (in: hProcess=0x424, lpBaseAddress=0x402000, lpBuffer=0x368f1d0*, nSize=0x35c00, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x368f1d0*, lpNumberOfBytesWritten=0x19ea30*=0x35c00) returned 1 [0272.261] WriteProcessMemory (in: hProcess=0x424, lpBaseAddress=0x438000, lpBuffer=0x248b288*, nSize=0x600, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x248b288*, lpNumberOfBytesWritten=0x19ea30*=0x600) returned 1 [0272.265] WriteProcessMemory (in: hProcess=0x424, lpBaseAddress=0x43a000, lpBuffer=0x248b894*, nSize=0x200, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x248b894*, lpNumberOfBytesWritten=0x19ea30*=0x200) returned 1 [0272.271] WriteProcessMemory (in: hProcess=0x424, lpBaseAddress=0x30a008, lpBuffer=0x248baa0*, nSize=0x4, lpNumberOfBytesWritten=0x19ea30 | out: lpBuffer=0x248baa0*, lpNumberOfBytesWritten=0x19ea30*=0x4) returned 1 [0272.273] SetThreadContext (hThread=0x428, lpContext=0x248afb0*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x30a000, Edx=0x0, Ecx=0x0, Eax=0x437a9e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0272.310] ResumeThread (hThread=0x428) returned 0x1 [0272.470] CoGetContextToken (in: pToken=0x19edf8 | out: pToken=0x19edf8) returned 0x0 [0272.470] CObjectContext::QueryInterface () returned 0x0 [0272.470] CObjectContext::GetCurrentThreadType () returned 0x0 [0272.470] Release () returned 0x3 [0272.471] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x6e8c08*=0x14c, lpdwindex=0x19ec9c | out: lpdwindex=0x19ec9c) returned 0x0 Thread: id = 178 os_tid = 0xd18 Thread: id = 179 os_tid = 0xd20 Thread: id = 180 os_tid = 0xd24 [0236.448] CoGetContextToken (in: pToken=0x235fc3c | out: pToken=0x235fc3c) returned 0x800401f0 [0236.448] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0236.448] RoInitialize () returned 0x1 [0236.448] RoUninitialize () returned 0x0 [0272.535] SetWindowLongW (hWnd=0x30042, nIndex=-4, dwNewLong=1950025696) returned 75105766 [0272.536] SetClassLongW (hWnd=0x30042, nIndex=-24, dwNewLong=1950025696) returned 0x47a05be [0272.536] PostMessageW (hWnd=0x30042, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0272.537] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0272.537] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0 [0272.540] IsWindow (hWnd=0x30028) returned 1 [0272.542] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773e0000 [0272.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x235f9dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x90n\x1f¹ÿ/ «NpXü5\x02\x18~p", lpUsedDefaultChar=0x0) returned 14 [0272.543] GetProcAddress (hModule=0x773e0000, lpProcName="DefWindowProcW") returned 0x743b07e0 [0272.543] SetWindowLongW (hWnd=0x30028, nIndex=-4, dwNewLong=1950025696) returned 75105846 [0272.543] SetClassLongW (hWnd=0x30028, nIndex=-24, dwNewLong=1950025696) returned 0x47a0636 [0272.543] IsWindow (hWnd=0x30028) returned 1 [0272.544] DestroyWindow (hWnd=0x30028) returned 0 [0272.544] PostMessageW (hWnd=0x30028, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0272.544] SetConsoleCtrlHandler (HandlerRoutine=0x47a060e, Add=0) returned 1 [0272.544] EtwEventUnregister (RegHandle=0x727e38) returned 0x0 [0272.559] GdipDisposeImage (image=0x5b3f268) returned 0x0 [0272.563] GdipDeleteFont (font=0x4b2efc0) returned 0x0 [0272.564] GetCurrentObject (hdc=0x37010546, type=0x6) returned 0x30a0697 [0272.564] SelectObject (hdc=0x37010546, h=0x18a0048) returned 0x30a0697 [0272.564] DeleteObject (ho=0x30a0697) returned 1 [0272.565] DeleteDC (hdc=0x37010546) returned 1 [0272.566] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0 [0272.567] CloseHandle (hObject=0x264) returned 1 [0272.571] CloseHandle (hObject=0x36c) returned 1 [0272.572] CloseHandle (hObject=0x4a0) returned 1 [0272.572] CloseHandle (hObject=0x2d4) returned 1 [0272.572] RegCloseKey (hKey=0x80000004) returned 0x0 [0272.573] CloseHandle (hObject=0x360) returned 1 Thread: id = 181 os_tid = 0xd34 Thread: id = 263 os_tid = 0xe88 Thread: id = 264 os_tid = 0xe8c Thread: id = 265 os_tid = 0xe90 [0271.377] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0271.377] RoInitialize () returned 0x1 [0271.377] RoUninitialize () returned 0x0 [0271.455] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x784f1c4 | out: lpLuid=0x784f1c4*(LowPart=0x14, HighPart=0)) returned 1 [0271.463] GetCurrentProcess () returned 0xffffffff [0271.464] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x784f1c0 | out: TokenHandle=0x784f1c0*=0x358) returned 1 [0271.464] AdjustTokenPrivileges (in: TokenHandle=0x358, DisableAllPrivileges=0, NewState=0x2467c74*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0271.465] CloseHandle (hObject=0x358) returned 1 [0271.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x353c570, Length=0x20000, ResultLength=0x784f8a4 | out: SystemInformation=0x353c570, ResultLength=0x784f8a4*=0xd7f8) returned 0x0 Thread: id = 266 os_tid = 0xe94 Thread: id = 267 os_tid = 0xe98 Thread: id = 268 os_tid = 0xe9c Thread: id = 273 os_tid = 0xebc [0272.462] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0272.462] RoInitialize () returned 0x1 [0272.462] RoUninitialize () returned 0x0 [0272.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x353c570, Length=0x20000, ResultLength=0x83ef824 | out: SystemInformation=0x353c570, ResultLength=0x83ef824*=0xdda8) returned 0x0 Thread: id = 274 os_tid = 0xec0 Process: id = "10" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x50c1b000" os_pid = "0xdec" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x270" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:000387a5" [0xc000000f] Region: id = 2047 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2048 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2049 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2050 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2051 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2052 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2053 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2054 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2055 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2056 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2057 start_va = 0x7ff67b0d0000 end_va = 0x7ff67b14ffff monitored = 0 entry_point = 0x7ff67b0e5f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2058 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2059 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2060 start_va = 0x7ffb52dc0000 end_va = 0x7ffb52fa7fff monitored = 0 entry_point = 0x7ffb52deba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2061 start_va = 0x7ffb55cc0000 end_va = 0x7ffb55d6cfff monitored = 0 entry_point = 0x7ffb55cd81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2062 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2063 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2064 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2065 start_va = 0x7ffb53700000 end_va = 0x7ffb5379cfff monitored = 0 entry_point = 0x7ffb537078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2066 start_va = 0x510000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2067 start_va = 0x7ffb3e010000 end_va = 0x7ffb3e105fff monitored = 0 entry_point = 0x7ffb3e049590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2068 start_va = 0x7ffb55800000 end_va = 0x7ffb55a7cfff monitored = 0 entry_point = 0x7ffb558d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2069 start_va = 0x7ffb54e90000 end_va = 0x7ffb54fabfff monitored = 0 entry_point = 0x7ffb54ed02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2070 start_va = 0x7ffb53210000 end_va = 0x7ffb53279fff monitored = 0 entry_point = 0x7ffb53246d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2071 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2072 start_va = 0x7ffb3de50000 end_va = 0x7ffb3de65fff monitored = 0 entry_point = 0x7ffb3de555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2073 start_va = 0x7ffb3fd70000 end_va = 0x7ffb3fdeefff monitored = 0 entry_point = 0x7ffb3fd87110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2074 start_va = 0x7ffb555f0000 end_va = 0x7ffb5565afff monitored = 0 entry_point = 0x7ffb556090c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2075 start_va = 0x7ffb52330000 end_va = 0x7ffb52358fff monitored = 0 entry_point = 0x7ffb52344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2076 start_va = 0x7ffb55b90000 end_va = 0x7ffb55beafff monitored = 0 entry_point = 0x7ffb55ba38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2077 start_va = 0x590000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2078 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2079 start_va = 0x7ffb53280000 end_va = 0x7ffb53326fff monitored = 0 entry_point = 0x7ffb532958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2080 start_va = 0x620000 end_va = 0x956fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2081 start_va = 0x7ffb55050000 end_va = 0x7ffb551a5fff monitored = 0 entry_point = 0x7ffb5505a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2082 start_va = 0x7ffb537a0000 end_va = 0x7ffb53925fff monitored = 0 entry_point = 0x7ffb537effc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2083 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2084 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2085 start_va = 0x960000 end_va = 0xae7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 2086 start_va = 0xaf0000 end_va = 0xc70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 2087 start_va = 0xc80000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 2088 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2089 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2090 start_va = 0x590000 end_va = 0x594fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2091 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 2092 start_va = 0xd40000 end_va = 0xe1cfff monitored = 0 entry_point = 0xd9e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2093 start_va = 0x7ffb52520000 end_va = 0x7ffb5252efff monitored = 0 entry_point = 0x7ffb52523210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2094 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2095 start_va = 0xd40000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 2096 start_va = 0xdc0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2097 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2098 start_va = 0x7ffb55a80000 end_va = 0x7ffb55b26fff monitored = 0 entry_point = 0x7ffb55a8b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2099 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2100 start_va = 0x7ffb3f0a0000 end_va = 0x7ffb3f0b0fff monitored = 0 entry_point = 0x7ffb3f0a2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2101 start_va = 0x7ffb55bf0000 end_va = 0x7ffb55cb0fff monitored = 0 entry_point = 0x7ffb55c10da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2102 start_va = 0xec0000 end_va = 0x1002fff monitored = 0 entry_point = 0xee8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2103 start_va = 0xec0000 end_va = 0xf9cfff monitored = 0 entry_point = 0xf1e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2104 start_va = 0xec0000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 2105 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 2106 start_va = 0xfc0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2107 start_va = 0x7ffb3dff0000 end_va = 0x7ffb3e003fff monitored = 0 entry_point = 0x7ffb3dff1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2551 start_va = 0x1040000 end_va = 0x10bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 2552 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 2553 start_va = 0x7ffb3dfc0000 end_va = 0x7ffb3dfe4fff monitored = 0 entry_point = 0x7ffb3dfc9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2554 start_va = 0x7ffb3c460000 end_va = 0x7ffb3c62efff monitored = 0 entry_point = 0x7ffb3c487df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2555 start_va = 0x7ffb524c0000 end_va = 0x7ffb5250afff monitored = 0 entry_point = 0x7ffb524c35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2556 start_va = 0x7ffb4b550000 end_va = 0x7ffb4b59dfff monitored = 0 entry_point = 0x7ffb4b561ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2557 start_va = 0x7ffb52120000 end_va = 0x7ffb5214cfff monitored = 0 entry_point = 0x7ffb52139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2558 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 2559 start_va = 0x7ffb4dec0000 end_va = 0x7ffb4ded0fff monitored = 0 entry_point = 0x7ffb4dec3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2560 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 2561 start_va = 0x5d0000 end_va = 0x5d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 3040 start_va = 0x5e0000 end_va = 0x5e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3076 start_va = 0x5e0000 end_va = 0x5e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3077 start_va = 0x5f0000 end_va = 0x5f4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 3078 start_va = 0x11c0000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 3079 start_va = 0x5f0000 end_va = 0x605fff monitored = 0 entry_point = 0x600420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3080 start_va = 0x12c0000 end_va = 0x12c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3081 start_va = 0x5f0000 end_va = 0x605fff monitored = 0 entry_point = 0x600420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3082 start_va = 0x12c0000 end_va = 0x12c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3083 start_va = 0x5f0000 end_va = 0x605fff monitored = 0 entry_point = 0x600420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3084 start_va = 0x12c0000 end_va = 0x12c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3085 start_va = 0x5f0000 end_va = 0x605fff monitored = 0 entry_point = 0x600420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 3086 start_va = 0x12c0000 end_va = 0x12c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 3087 start_va = 0x5f0000 end_va = 0x609fff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3088 start_va = 0x12c0000 end_va = 0x12c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3089 start_va = 0x5f0000 end_va = 0x609fff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3090 start_va = 0x12c0000 end_va = 0x12c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3091 start_va = 0x5f0000 end_va = 0x5f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3092 start_va = 0x12c0000 end_va = 0x12eafff monitored = 0 entry_point = 0x12dd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3093 start_va = 0x1380000 end_va = 0x177afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001380000" filename = "" Region: id = 3094 start_va = 0x5f0000 end_va = 0x5f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3095 start_va = 0x12c0000 end_va = 0x12eafff monitored = 0 entry_point = 0x12dd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3096 start_va = 0x5f0000 end_va = 0x5f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3097 start_va = 0x12c0000 end_va = 0x12eafff monitored = 0 entry_point = 0x12dd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3098 start_va = 0x5f0000 end_va = 0x5f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3099 start_va = 0x12c0000 end_va = 0x12eafff monitored = 0 entry_point = 0x12dd000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3100 start_va = 0x12c0000 end_va = 0x12e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3101 start_va = 0x1780000 end_va = 0x1863fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3102 start_va = 0x12c0000 end_va = 0x12e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3103 start_va = 0x1780000 end_va = 0x1863fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3104 start_va = 0x5f0000 end_va = 0x5f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3105 start_va = 0x12c0000 end_va = 0x1352fff monitored = 0 entry_point = 0x1339000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3106 start_va = 0x5f0000 end_va = 0x5f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 3107 start_va = 0x12c0000 end_va = 0x1352fff monitored = 0 entry_point = 0x1339000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 3108 start_va = 0x5f0000 end_va = 0x5f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3109 start_va = 0x12c0000 end_va = 0x1360fff monitored = 0 entry_point = 0x1353000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3110 start_va = 0x5f0000 end_va = 0x5f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 3111 start_va = 0x12c0000 end_va = 0x1360fff monitored = 0 entry_point = 0x1353000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 3112 start_va = 0x5f0000 end_va = 0x5fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3113 start_va = 0x12c0000 end_va = 0x1345fff monitored = 0 entry_point = 0x1331000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3114 start_va = 0x5f0000 end_va = 0x5fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3115 start_va = 0x12c0000 end_va = 0x1345fff monitored = 0 entry_point = 0x1331000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3116 start_va = 0x5f0000 end_va = 0x5fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3117 start_va = 0x12c0000 end_va = 0x1345fff monitored = 0 entry_point = 0x1331000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3118 start_va = 0x5f0000 end_va = 0x5fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 3119 start_va = 0x12c0000 end_va = 0x1345fff monitored = 0 entry_point = 0x1331000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 3120 start_va = 0x5f0000 end_va = 0x5fefff monitored = 0 entry_point = 0x5f36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 3121 start_va = 0x600000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 3122 start_va = 0x5f0000 end_va = 0x5fefff monitored = 0 entry_point = 0x5f36e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 3123 start_va = 0x600000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 3124 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3125 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3126 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3127 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3128 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3129 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3130 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3131 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3132 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3133 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3134 start_va = 0x5f0000 end_va = 0x60afff monitored = 1 entry_point = 0x5f1190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3135 start_va = 0x12c0000 end_va = 0x12cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3136 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3137 start_va = 0x1780000 end_va = 0x188efff monitored = 0 entry_point = 0x17bc010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3138 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 3139 start_va = 0x1780000 end_va = 0x188efff monitored = 0 entry_point = 0x17bc010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 3140 start_va = 0x5f0000 end_va = 0x606fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3141 start_va = 0x1780000 end_va = 0x19d6fff monitored = 0 entry_point = 0x198ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3142 start_va = 0x5f0000 end_va = 0x606fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 3143 start_va = 0x1780000 end_va = 0x19d6fff monitored = 0 entry_point = 0x198ce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 3144 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3145 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3146 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3147 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3148 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3149 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3150 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3151 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3152 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3153 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3154 start_va = 0x5f0000 end_va = 0x5f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 3155 start_va = 0x1780000 end_va = 0x1890fff monitored = 0 entry_point = 0x1871bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 3156 start_va = 0x5f0000 end_va = 0x5fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3157 start_va = 0x600000 end_va = 0x60dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3158 start_va = 0x5f0000 end_va = 0x5fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3159 start_va = 0x600000 end_va = 0x60dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3160 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3161 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3162 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3163 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3164 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3165 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3166 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3167 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3168 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3169 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 3170 start_va = 0x5f0000 end_va = 0x601fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 3171 start_va = 0x12c0000 end_va = 0x136efff monitored = 0 entry_point = 0x1337000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Thread: id = 182 os_tid = 0xdf0 Thread: id = 183 os_tid = 0xdf4 Thread: id = 184 os_tid = 0xdf8 Thread: id = 185 os_tid = 0xdfc Thread: id = 186 os_tid = 0xe00 Thread: id = 187 os_tid = 0xe04 Thread: id = 260 os_tid = 0xe08 Thread: id = 261 os_tid = 0xe0c Thread: id = 262 os_tid = 0xe10 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75241000" os_pid = "0x3f0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cead" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2108 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2109 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2110 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2111 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2112 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2113 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2114 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2115 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2116 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2117 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2118 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2119 start_va = 0x1f0000 end_va = 0x1f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2120 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2121 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2122 start_va = 0x500000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2123 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2124 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2125 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2126 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2127 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2128 start_va = 0x5d0000 end_va = 0x5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 2129 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 2130 start_va = 0x5f0000 end_va = 0x5f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2131 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2132 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2133 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2134 start_va = 0xa20000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2135 start_va = 0xae0000 end_va = 0xedafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 2136 start_va = 0xee0000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2137 start_va = 0xf60000 end_va = 0xfa4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 2138 start_va = 0xfb0000 end_va = 0xfb3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2139 start_va = 0xfc0000 end_va = 0xfc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2140 start_va = 0xfd0000 end_va = 0xfd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 2141 start_va = 0xfe0000 end_va = 0xfe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 2142 start_va = 0xff0000 end_va = 0xff1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 2143 start_va = 0x1000000 end_va = 0x1001fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 2144 start_va = 0x1010000 end_va = 0x1016fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 2145 start_va = 0x1020000 end_va = 0x1020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2146 start_va = 0x1030000 end_va = 0x1030fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001030000" filename = "" Region: id = 2147 start_va = 0x1040000 end_va = 0x1046fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 2148 start_va = 0x1050000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 2149 start_va = 0x10d0000 end_va = 0x10d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 2150 start_va = 0x10e0000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 2151 start_va = 0x10f0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 2152 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2153 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2154 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2155 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2156 start_va = 0x1500000 end_va = 0x1836fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2157 start_va = 0x1840000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 2158 start_va = 0x1940000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 2159 start_va = 0x1a40000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 2160 start_va = 0x1b40000 end_va = 0x1bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 2161 start_va = 0x1bc0000 end_va = 0x1bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 2162 start_va = 0x1bd0000 end_va = 0x1bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 2163 start_va = 0x1be0000 end_va = 0x1be3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 2164 start_va = 0x1bf0000 end_va = 0x1bf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 2165 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2166 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2167 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2168 start_va = 0x1f00000 end_va = 0x1f8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2169 start_va = 0x1f90000 end_va = 0x1fd2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 2170 start_va = 0x1fe0000 end_va = 0x1fe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 2171 start_va = 0x1ff0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 2172 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2173 start_va = 0x2100000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2174 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2175 start_va = 0x2280000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 2176 start_va = 0x22a0000 end_va = 0x22a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 2177 start_va = 0x22b0000 end_va = 0x22b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 2178 start_va = 0x22c0000 end_va = 0x22c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2179 start_va = 0x22d0000 end_va = 0x22dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2180 start_va = 0x22e0000 end_va = 0x22effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2181 start_va = 0x22f0000 end_va = 0x22fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2182 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2183 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2184 start_va = 0x2500000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2185 start_va = 0x2580000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 2186 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 2187 start_va = 0x2780000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 2188 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2189 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2190 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2191 start_va = 0x2b00000 end_va = 0x2bdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2192 start_va = 0x2be0000 end_va = 0x2cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 2193 start_va = 0x2ce0000 end_va = 0x2d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ce0000" filename = "" Region: id = 2194 start_va = 0x2d60000 end_va = 0x2e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2195 start_va = 0x2e60000 end_va = 0x2f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 2196 start_va = 0x2f60000 end_va = 0x305ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 2197 start_va = 0x3060000 end_va = 0x315ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 2198 start_va = 0x3160000 end_va = 0x325ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2199 start_va = 0x3260000 end_va = 0x32dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 2200 start_va = 0x32e0000 end_va = 0x32effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032e0000" filename = "" Region: id = 2201 start_va = 0x32f0000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032f0000" filename = "" Region: id = 2202 start_va = 0x3300000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003300000" filename = "" Region: id = 2203 start_va = 0x3310000 end_va = 0x331ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003310000" filename = "" Region: id = 2204 start_va = 0x3320000 end_va = 0x332ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003320000" filename = "" Region: id = 2205 start_va = 0x3330000 end_va = 0x333ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003330000" filename = "" Region: id = 2206 start_va = 0x3340000 end_va = 0x3346fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 2207 start_va = 0x3350000 end_va = 0x33cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2208 start_va = 0x33d0000 end_va = 0x33d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 2209 start_va = 0x33e0000 end_va = 0x33effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2210 start_va = 0x33f0000 end_va = 0x33fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2211 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2212 start_va = 0x3500000 end_va = 0x354dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003500000" filename = "" Region: id = 2213 start_va = 0x3550000 end_va = 0x359dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 2214 start_va = 0x35a0000 end_va = 0x35affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035a0000" filename = "" Region: id = 2215 start_va = 0x35b0000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035b0000" filename = "" Region: id = 2216 start_va = 0x35c0000 end_va = 0x35cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035c0000" filename = "" Region: id = 2217 start_va = 0x35d0000 end_va = 0x35dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035d0000" filename = "" Region: id = 2218 start_va = 0x35e0000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035e0000" filename = "" Region: id = 2219 start_va = 0x35f0000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035f0000" filename = "" Region: id = 2220 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2221 start_va = 0x3700000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 2222 start_va = 0x4700000 end_va = 0x470ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2223 start_va = 0x4710000 end_va = 0x471ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2224 start_va = 0x4720000 end_va = 0x472ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2225 start_va = 0x4730000 end_va = 0x473ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2226 start_va = 0x4740000 end_va = 0x474ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2227 start_va = 0x4750000 end_va = 0x475ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2228 start_va = 0x4760000 end_va = 0x476ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2229 start_va = 0x4770000 end_va = 0x477ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2230 start_va = 0x4780000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 2231 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2232 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2233 start_va = 0x4820000 end_va = 0x4823fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 2234 start_va = 0x4830000 end_va = 0x483ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2235 start_va = 0x4840000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 2236 start_va = 0x4850000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 2237 start_va = 0x4860000 end_va = 0x486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 2238 start_va = 0x4870000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 2239 start_va = 0x4880000 end_va = 0x4880fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 2240 start_va = 0x4890000 end_va = 0x498ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 2241 start_va = 0x4990000 end_va = 0x499ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2242 start_va = 0x49a0000 end_va = 0x49affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2243 start_va = 0x49b0000 end_va = 0x49bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2244 start_va = 0x49c0000 end_va = 0x49cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2245 start_va = 0x49d0000 end_va = 0x49dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2246 start_va = 0x49e0000 end_va = 0x49effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2247 start_va = 0x49f0000 end_va = 0x49fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2248 start_va = 0x4a00000 end_va = 0x4a0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2249 start_va = 0x4a10000 end_va = 0x4a1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2250 start_va = 0x4a20000 end_va = 0x4a2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2251 start_va = 0x4a30000 end_va = 0x4a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2252 start_va = 0x4a40000 end_va = 0x4a4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2253 start_va = 0x4a50000 end_va = 0x4a5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2254 start_va = 0x4a60000 end_va = 0x4a66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 2255 start_va = 0x4a70000 end_va = 0x4a7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2256 start_va = 0x4a80000 end_va = 0x4a8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2257 start_va = 0x4a90000 end_va = 0x4a9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2258 start_va = 0x4aa0000 end_va = 0x4aaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2259 start_va = 0x4ab0000 end_va = 0x4ab3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 2260 start_va = 0x4ac0000 end_va = 0x4ac4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2261 start_va = 0x4ad0000 end_va = 0x4adffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2262 start_va = 0x4ae0000 end_va = 0x4ae5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ae0000" filename = "" Region: id = 2263 start_va = 0x4af0000 end_va = 0x4af1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004af0000" filename = "" Region: id = 2264 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 2265 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 2266 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 2267 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 2268 start_va = 0x4f00000 end_va = 0x4f03fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 2269 start_va = 0x4f10000 end_va = 0x4f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 2270 start_va = 0x4f20000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 2271 start_va = 0x4f30000 end_va = 0x4f31fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 2272 start_va = 0x4f40000 end_va = 0x4f41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f40000" filename = "" Region: id = 2273 start_va = 0x4f50000 end_va = 0x4f52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f50000" filename = "" Region: id = 2274 start_va = 0x4f60000 end_va = 0x4f70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 2275 start_va = 0x4f80000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 2276 start_va = 0x5080000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 2277 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2278 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2279 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2280 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2281 start_va = 0x5500000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 2282 start_va = 0x5580000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 2283 start_va = 0x5600000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 2284 start_va = 0x5680000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005680000" filename = "" Region: id = 2285 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2286 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 2287 start_va = 0x5900000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 2288 start_va = 0x5980000 end_va = 0x5990fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 2289 start_va = 0x59a0000 end_va = 0x59b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 2290 start_va = 0x59d0000 end_va = 0x59d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059d0000" filename = "" Region: id = 2291 start_va = 0x59f0000 end_va = 0x59f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059f0000" filename = "" Region: id = 2292 start_va = 0x5a00000 end_va = 0x5a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 2293 start_va = 0x5a80000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a80000" filename = "" Region: id = 2294 start_va = 0x5b00000 end_va = 0x5b10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 2295 start_va = 0x5b30000 end_va = 0x5b36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 2296 start_va = 0x5b40000 end_va = 0x5c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 2297 start_va = 0x5c40000 end_va = 0x5d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c40000" filename = "" Region: id = 2298 start_va = 0x5d40000 end_va = 0x5dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d40000" filename = "" Region: id = 2299 start_va = 0x5dc0000 end_va = 0x5ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005dc0000" filename = "" Region: id = 2300 start_va = 0x5ec0000 end_va = 0x5f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 2301 start_va = 0x5f40000 end_va = 0x5fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f40000" filename = "" Region: id = 2302 start_va = 0x5fc0000 end_va = 0x603ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 2303 start_va = 0x6040000 end_va = 0x6050fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 2304 start_va = 0x6060000 end_va = 0x6070fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 2305 start_va = 0x6080000 end_va = 0x6090fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 2306 start_va = 0x60b0000 end_va = 0x60b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060b0000" filename = "" Region: id = 2307 start_va = 0x60c0000 end_va = 0x60e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 2308 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 2309 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 2310 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 2311 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 2312 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 2313 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 2314 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 2315 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 2316 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 2317 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 2318 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2319 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 2320 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 2321 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 2322 start_va = 0x7000000 end_va = 0x70fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007000000" filename = "" Region: id = 2323 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 2324 start_va = 0x7200000 end_va = 0x72fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 2325 start_va = 0x7300000 end_va = 0x73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 2326 start_va = 0x7400000 end_va = 0x74fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007400000" filename = "" Region: id = 2327 start_va = 0x7500000 end_va = 0x75fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007500000" filename = "" Region: id = 2328 start_va = 0x7600000 end_va = 0x7630fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 2329 start_va = 0x7640000 end_va = 0x7650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 2330 start_va = 0x7660000 end_va = 0x7670fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 2331 start_va = 0x7680000 end_va = 0x76b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 2332 start_va = 0x76c0000 end_va = 0x76f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 2333 start_va = 0x7700000 end_va = 0x77fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 2334 start_va = 0x7800000 end_va = 0x78fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007800000" filename = "" Region: id = 2335 start_va = 0x7900000 end_va = 0x79fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007900000" filename = "" Region: id = 2336 start_va = 0x7a00000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 2337 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 2338 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 2339 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 2340 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 2341 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 2342 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2343 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2344 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2345 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2346 start_va = 0x7ff6f9ec0000 end_va = 0x7ff6f9eccfff monitored = 0 entry_point = 0x7ff6f9ec3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2347 start_va = 0x7ffb3db20000 end_va = 0x7ffb3db5efff monitored = 0 entry_point = 0x7ffb3db482d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 2348 start_va = 0x7ffb3db60000 end_va = 0x7ffb3db95fff monitored = 0 entry_point = 0x7ffb3db627f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 2349 start_va = 0x7ffb3dd20000 end_va = 0x7ffb3dd30fff monitored = 0 entry_point = 0x7ffb3dd27480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 2350 start_va = 0x7ffb3dd40000 end_va = 0x7ffb3ddc3fff monitored = 0 entry_point = 0x7ffb3dd58d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 2351 start_va = 0x7ffb3ddd0000 end_va = 0x7ffb3dddefff monitored = 0 entry_point = 0x7ffb3ddd4960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 2352 start_va = 0x7ffb3de50000 end_va = 0x7ffb3de65fff monitored = 0 entry_point = 0x7ffb3de555e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2353 start_va = 0x7ffb3de70000 end_va = 0x7ffb3df45fff monitored = 0 entry_point = 0x7ffb3de9a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 2354 start_va = 0x7ffb3df50000 end_va = 0x7ffb3dfb3fff monitored = 0 entry_point = 0x7ffb3df6bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 2355 start_va = 0x7ffb3dfc0000 end_va = 0x7ffb3dfe4fff monitored = 0 entry_point = 0x7ffb3dfc9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2356 start_va = 0x7ffb3dff0000 end_va = 0x7ffb3e003fff monitored = 0 entry_point = 0x7ffb3dff1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2357 start_va = 0x7ffb3e010000 end_va = 0x7ffb3e105fff monitored = 0 entry_point = 0x7ffb3e049590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2358 start_va = 0x7ffb3e110000 end_va = 0x7ffb3e183fff monitored = 0 entry_point = 0x7ffb3e125eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 2359 start_va = 0x7ffb3e190000 end_va = 0x7ffb3e2c6fff monitored = 0 entry_point = 0x7ffb3e1d0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 2360 start_va = 0x7ffb3e340000 end_va = 0x7ffb3e355fff monitored = 0 entry_point = 0x7ffb3e341af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2361 start_va = 0x7ffb3e360000 end_va = 0x7ffb3e379fff monitored = 0 entry_point = 0x7ffb3e362330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2362 start_va = 0x7ffb3e380000 end_va = 0x7ffb3e38cfff monitored = 0 entry_point = 0x7ffb3e381420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2363 start_va = 0x7ffb3f0a0000 end_va = 0x7ffb3f0b0fff monitored = 0 entry_point = 0x7ffb3f0a2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2364 start_va = 0x7ffb3f0c0000 end_va = 0x7ffb3f0ddfff monitored = 0 entry_point = 0x7ffb3f0c3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2365 start_va = 0x7ffb3f0e0000 end_va = 0x7ffb3f161fff monitored = 0 entry_point = 0x7ffb3f0e2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2366 start_va = 0x7ffb3f1b0000 end_va = 0x7ffb3f1f5fff monitored = 0 entry_point = 0x7ffb3f1b79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 2367 start_va = 0x7ffb3f200000 end_va = 0x7ffb3f23ffff monitored = 0 entry_point = 0x7ffb3f20cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 2368 start_va = 0x7ffb3f240000 end_va = 0x7ffb3f286fff monitored = 0 entry_point = 0x7ffb3f241d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 2369 start_va = 0x7ffb3f290000 end_va = 0x7ffb3f2d1fff monitored = 0 entry_point = 0x7ffb3f293670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 2370 start_va = 0x7ffb3f700000 end_va = 0x7ffb3f71efff monitored = 0 entry_point = 0x7ffb3f7037e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 2371 start_va = 0x7ffb3f720000 end_va = 0x7ffb3f798fff monitored = 0 entry_point = 0x7ffb3f7276a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 2372 start_va = 0x7ffb3f830000 end_va = 0x7ffb3f847fff monitored = 0 entry_point = 0x7ffb3f834e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 2373 start_va = 0x7ffb3f850000 end_va = 0x7ffb3f874fff monitored = 0 entry_point = 0x7ffb3f855ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 2374 start_va = 0x7ffb3f890000 end_va = 0x7ffb3f8d0fff monitored = 0 entry_point = 0x7ffb3f893750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 2375 start_va = 0x7ffb3f8e0000 end_va = 0x7ffb3f9d2fff monitored = 0 entry_point = 0x7ffb3f905d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2376 start_va = 0x7ffb3fa10000 end_va = 0x7ffb3fab2fff monitored = 0 entry_point = 0x7ffb3fa12c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2377 start_va = 0x7ffb3fac0000 end_va = 0x7ffb3fb11fff monitored = 0 entry_point = 0x7ffb3fac5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2378 start_va = 0x7ffb3fb20000 end_va = 0x7ffb3fb4dfff monitored = 1 entry_point = 0x7ffb3fb22300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 2379 start_va = 0x7ffb3fb50000 end_va = 0x7ffb3fbadfff monitored = 0 entry_point = 0x7ffb3fb55080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 2380 start_va = 0x7ffb3fbb0000 end_va = 0x7ffb3fbcffff monitored = 0 entry_point = 0x7ffb3fbb1f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 2381 start_va = 0x7ffb3fbd0000 end_va = 0x7ffb3fbe0fff monitored = 0 entry_point = 0x7ffb3fbd1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 2382 start_va = 0x7ffb3fd20000 end_va = 0x7ffb3fd6bfff monitored = 0 entry_point = 0x7ffb3fd35310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 2383 start_va = 0x7ffb3fd70000 end_va = 0x7ffb3fdeefff monitored = 0 entry_point = 0x7ffb3fd87110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2384 start_va = 0x7ffb3fdf0000 end_va = 0x7ffb3fe2bfff monitored = 0 entry_point = 0x7ffb3fdf6aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 2385 start_va = 0x7ffb40f50000 end_va = 0x7ffb40f67fff monitored = 0 entry_point = 0x7ffb40f52000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2386 start_va = 0x7ffb40f70000 end_va = 0x7ffb410f1fff monitored = 0 entry_point = 0x7ffb40f882a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2387 start_va = 0x7ffb41100000 end_va = 0x7ffb41108fff monitored = 0 entry_point = 0x7ffb411018f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 2388 start_va = 0x7ffb41110000 end_va = 0x7ffb4111bfff monitored = 0 entry_point = 0x7ffb411135c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2389 start_va = 0x7ffb43820000 end_va = 0x7ffb43836fff monitored = 0 entry_point = 0x7ffb43826620 region_type = mapped_file name = "msauserext.dll" filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll") Region: id = 2390 start_va = 0x7ffb43840000 end_va = 0x7ffb43a3ffff monitored = 0 entry_point = 0x7ffb438b5240 region_type = mapped_file name = "wlidsvc.dll" filename = "\\Windows\\System32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll") Region: id = 2391 start_va = 0x7ffb449d0000 end_va = 0x7ffb44c49fff monitored = 0 entry_point = 0x7ffb449ea7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 2392 start_va = 0x7ffb450a0000 end_va = 0x7ffb450affff monitored = 0 entry_point = 0x7ffb450a1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 2393 start_va = 0x7ffb450b0000 end_va = 0x7ffb45131fff monitored = 0 entry_point = 0x7ffb450b1790 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 2394 start_va = 0x7ffb45140000 end_va = 0x7ffb451c3fff monitored = 0 entry_point = 0x7ffb45152830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2395 start_va = 0x7ffb451d0000 end_va = 0x7ffb45234fff monitored = 0 entry_point = 0x7ffb451e3170 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 2396 start_va = 0x7ffb45240000 end_va = 0x7ffb45538fff monitored = 0 entry_point = 0x7ffb45307280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 2397 start_va = 0x7ffb45540000 end_va = 0x7ffb45775fff monitored = 0 entry_point = 0x7ffb455ca450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2398 start_va = 0x7ffb459c0000 end_va = 0x7ffb459ddfff monitored = 0 entry_point = 0x7ffb459cef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 2399 start_va = 0x7ffb459e0000 end_va = 0x7ffb459f2fff monitored = 0 entry_point = 0x7ffb459e1b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2400 start_va = 0x7ffb45a40000 end_va = 0x7ffb45a74fff monitored = 0 entry_point = 0x7ffb45a4a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2401 start_va = 0x7ffb45a80000 end_va = 0x7ffb45aa1fff monitored = 0 entry_point = 0x7ffb45a92540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 2402 start_va = 0x7ffb467a0000 end_va = 0x7ffb467cefff monitored = 0 entry_point = 0x7ffb467aec60 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 2403 start_va = 0x7ffb46800000 end_va = 0x7ffb46813fff monitored = 0 entry_point = 0x7ffb46803710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 2404 start_va = 0x7ffb46820000 end_va = 0x7ffb46847fff monitored = 0 entry_point = 0x7ffb4682efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2405 start_va = 0x7ffb46980000 end_va = 0x7ffb469bffff monitored = 0 entry_point = 0x7ffb46996c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2406 start_va = 0x7ffb469c0000 end_va = 0x7ffb469c8fff monitored = 0 entry_point = 0x7ffb469c21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2407 start_va = 0x7ffb46a30000 end_va = 0x7ffb46aaffff monitored = 0 entry_point = 0x7ffb46a5d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2408 start_va = 0x7ffb46ae0000 end_va = 0x7ffb46af5fff monitored = 0 entry_point = 0x7ffb46ae1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 2409 start_va = 0x7ffb46bc0000 end_va = 0x7ffb46ef9fff monitored = 0 entry_point = 0x7ffb46bc8520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 2410 start_va = 0x7ffb47ac0000 end_va = 0x7ffb47ad1fff monitored = 0 entry_point = 0x7ffb47ac3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2411 start_va = 0x7ffb47ae0000 end_va = 0x7ffb47b73fff monitored = 0 entry_point = 0x7ffb47b19210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 2412 start_va = 0x7ffb47b80000 end_va = 0x7ffb47e22fff monitored = 0 entry_point = 0x7ffb47ba6190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 2413 start_va = 0x7ffb48230000 end_va = 0x7ffb48245fff monitored = 0 entry_point = 0x7ffb4823b550 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 2414 start_va = 0x7ffb49f00000 end_va = 0x7ffb49f43fff monitored = 0 entry_point = 0x7ffb49f0c010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 2415 start_va = 0x7ffb4a8e0000 end_va = 0x7ffb4a8f0fff monitored = 0 entry_point = 0x7ffb4a8e28d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 2416 start_va = 0x7ffb4a940000 end_va = 0x7ffb4a94ffff monitored = 0 entry_point = 0x7ffb4a941700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 2417 start_va = 0x7ffb4a970000 end_va = 0x7ffb4a978fff monitored = 0 entry_point = 0x7ffb4a971ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 2418 start_va = 0x7ffb4a980000 end_va = 0x7ffb4a9acfff monitored = 0 entry_point = 0x7ffb4a982290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 2419 start_va = 0x7ffb4a9b0000 end_va = 0x7ffb4aa01fff monitored = 0 entry_point = 0x7ffb4a9b38e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 2420 start_va = 0x7ffb4aa10000 end_va = 0x7ffb4aa19fff monitored = 0 entry_point = 0x7ffb4aa114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2421 start_va = 0x7ffb4aa20000 end_va = 0x7ffb4aabafff monitored = 0 entry_point = 0x7ffb4aa27220 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 2422 start_va = 0x7ffb4ab80000 end_va = 0x7ffb4ab8dfff monitored = 0 entry_point = 0x7ffb4ab81460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2423 start_va = 0x7ffb4ab90000 end_va = 0x7ffb4aba4fff monitored = 0 entry_point = 0x7ffb4ab92dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2424 start_va = 0x7ffb4ac40000 end_va = 0x7ffb4acfffff monitored = 0 entry_point = 0x7ffb4ac6fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2425 start_va = 0x7ffb4ad00000 end_va = 0x7ffb4ad99fff monitored = 0 entry_point = 0x7ffb4ad1ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 2426 start_va = 0x7ffb4ada0000 end_va = 0x7ffb4ade0fff monitored = 0 entry_point = 0x7ffb4ada4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 2427 start_va = 0x7ffb4aef0000 end_va = 0x7ffb4af56fff monitored = 0 entry_point = 0x7ffb4aef63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2428 start_va = 0x7ffb4b0f0000 end_va = 0x7ffb4b103fff monitored = 0 entry_point = 0x7ffb4b0f2d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2429 start_va = 0x7ffb4b2c0000 end_va = 0x7ffb4b2d7fff monitored = 0 entry_point = 0x7ffb4b2c4290 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 2430 start_va = 0x7ffb4b3f0000 end_va = 0x7ffb4b482fff monitored = 0 entry_point = 0x7ffb4b3f9680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 2431 start_va = 0x7ffb4b4d0000 end_va = 0x7ffb4b521fff monitored = 0 entry_point = 0x7ffb4b4d3d30 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 2432 start_va = 0x7ffb4b5a0000 end_va = 0x7ffb4b5b8fff monitored = 0 entry_point = 0x7ffb4b5a4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2433 start_va = 0x7ffb4b760000 end_va = 0x7ffb4b845fff monitored = 0 entry_point = 0x7ffb4b77cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 2434 start_va = 0x7ffb4b850000 end_va = 0x7ffb4b87dfff monitored = 0 entry_point = 0x7ffb4b857550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 2435 start_va = 0x7ffb4be10000 end_va = 0x7ffb4be1cfff monitored = 0 entry_point = 0x7ffb4be12ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 2436 start_va = 0x7ffb4be20000 end_va = 0x7ffb4be4efff monitored = 0 entry_point = 0x7ffb4be28910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 2437 start_va = 0x7ffb4be50000 end_va = 0x7ffb4be69fff monitored = 0 entry_point = 0x7ffb4be52430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2438 start_va = 0x7ffb4be70000 end_va = 0x7ffb4be85fff monitored = 0 entry_point = 0x7ffb4be719f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2439 start_va = 0x7ffb4c050000 end_va = 0x7ffb4c3d1fff monitored = 0 entry_point = 0x7ffb4c0a1220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2440 start_va = 0x7ffb4c3e0000 end_va = 0x7ffb4c515fff monitored = 0 entry_point = 0x7ffb4c40f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2441 start_va = 0x7ffb4d560000 end_va = 0x7ffb4d608fff monitored = 0 entry_point = 0x7ffb4d589010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 2442 start_va = 0x7ffb4d610000 end_va = 0x7ffb4d71dfff monitored = 0 entry_point = 0x7ffb4d65eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2443 start_va = 0x7ffb4da20000 end_va = 0x7ffb4da57fff monitored = 0 entry_point = 0x7ffb4da38cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2444 start_va = 0x7ffb4da60000 end_va = 0x7ffb4da75fff monitored = 0 entry_point = 0x7ffb4da61b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2445 start_va = 0x7ffb4da80000 end_va = 0x7ffb4da8ffff monitored = 0 entry_point = 0x7ffb4da82c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2446 start_va = 0x7ffb4da90000 end_va = 0x7ffb4da9afff monitored = 0 entry_point = 0x7ffb4da91d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2447 start_va = 0x7ffb4daa0000 end_va = 0x7ffb4daabfff monitored = 0 entry_point = 0x7ffb4daa2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2448 start_va = 0x7ffb4db90000 end_va = 0x7ffb4dbd1fff monitored = 0 entry_point = 0x7ffb4db927d0 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 2449 start_va = 0x7ffb4dbe0000 end_va = 0x7ffb4dc4dfff monitored = 0 entry_point = 0x7ffb4dbe7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 2450 start_va = 0x7ffb4dec0000 end_va = 0x7ffb4ded0fff monitored = 0 entry_point = 0x7ffb4dec3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2451 start_va = 0x7ffb4dee0000 end_va = 0x7ffb4df20fff monitored = 0 entry_point = 0x7ffb4def7eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 2452 start_va = 0x7ffb4df30000 end_va = 0x7ffb4e02bfff monitored = 0 entry_point = 0x7ffb4df66df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 2453 start_va = 0x7ffb4e040000 end_va = 0x7ffb4e056fff monitored = 0 entry_point = 0x7ffb4e045630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2454 start_va = 0x7ffb4e060000 end_va = 0x7ffb4e11efff monitored = 0 entry_point = 0x7ffb4e081c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2455 start_va = 0x7ffb4e120000 end_va = 0x7ffb4e1cdfff monitored = 0 entry_point = 0x7ffb4e1380c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2456 start_va = 0x7ffb4e1d0000 end_va = 0x7ffb4e1e1fff monitored = 0 entry_point = 0x7ffb4e1d9260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 2457 start_va = 0x7ffb4e1f0000 end_va = 0x7ffb4e2a0fff monitored = 0 entry_point = 0x7ffb4e2688b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 2458 start_va = 0x7ffb4e2b0000 end_va = 0x7ffb4e2edfff monitored = 0 entry_point = 0x7ffb4e2ba050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2459 start_va = 0x7ffb4e2f0000 end_va = 0x7ffb4e316fff monitored = 0 entry_point = 0x7ffb4e2f3bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 2460 start_va = 0x7ffb4e3f0000 end_va = 0x7ffb4e414fff monitored = 0 entry_point = 0x7ffb4e402f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 2461 start_va = 0x7ffb4e420000 end_va = 0x7ffb4e430fff monitored = 0 entry_point = 0x7ffb4e427ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 2462 start_va = 0x7ffb4e440000 end_va = 0x7ffb4e452fff monitored = 0 entry_point = 0x7ffb4e4457f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 2463 start_va = 0x7ffb4e480000 end_va = 0x7ffb4e4f9fff monitored = 0 entry_point = 0x7ffb4e4a7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2464 start_va = 0x7ffb4e500000 end_va = 0x7ffb4e554fff monitored = 0 entry_point = 0x7ffb4e50fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 2465 start_va = 0x7ffb4e560000 end_va = 0x7ffb4e579fff monitored = 0 entry_point = 0x7ffb4e562cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 2466 start_va = 0x7ffb4e580000 end_va = 0x7ffb4e58bfff monitored = 0 entry_point = 0x7ffb4e5814d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 2467 start_va = 0x7ffb4e590000 end_va = 0x7ffb4e5f3fff monitored = 0 entry_point = 0x7ffb4e5a5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2468 start_va = 0x7ffb4e7c0000 end_va = 0x7ffb4e7c9fff monitored = 0 entry_point = 0x7ffb4e7c1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2469 start_va = 0x7ffb4e7d0000 end_va = 0x7ffb4e7e7fff monitored = 0 entry_point = 0x7ffb4e7d5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2470 start_va = 0x7ffb4e7f0000 end_va = 0x7ffb4e93cfff monitored = 0 entry_point = 0x7ffb4e833da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2471 start_va = 0x7ffb4e940000 end_va = 0x7ffb4e994fff monitored = 0 entry_point = 0x7ffb4e943fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2472 start_va = 0x7ffb4e9a0000 end_va = 0x7ffb4e9d6fff monitored = 0 entry_point = 0x7ffb4e9a6020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 2473 start_va = 0x7ffb4e9e0000 end_va = 0x7ffb4e9fffff monitored = 0 entry_point = 0x7ffb4e9e39a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 2474 start_va = 0x7ffb4ea00000 end_va = 0x7ffb4eac7fff monitored = 0 entry_point = 0x7ffb4ea413f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2475 start_va = 0x7ffb4ead0000 end_va = 0x7ffb4eb30fff monitored = 0 entry_point = 0x7ffb4ead4b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2476 start_va = 0x7ffb4eb40000 end_va = 0x7ffb4ecbbfff monitored = 0 entry_point = 0x7ffb4eb91650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 2477 start_va = 0x7ffb4ecc0000 end_va = 0x7ffb4eccafff monitored = 0 entry_point = 0x7ffb4ecc1770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 2478 start_va = 0x7ffb4ed00000 end_va = 0x7ffb4ed49fff monitored = 0 entry_point = 0x7ffb4ed0ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 2479 start_va = 0x7ffb4ed50000 end_va = 0x7ffb4ed78fff monitored = 0 entry_point = 0x7ffb4ed5ca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2480 start_va = 0x7ffb4f610000 end_va = 0x7ffb4f6a1fff monitored = 0 entry_point = 0x7ffb4f65a780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2481 start_va = 0x7ffb4f750000 end_va = 0x7ffb4f785fff monitored = 0 entry_point = 0x7ffb4f760070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2482 start_va = 0x7ffb4f790000 end_va = 0x7ffb4f7a3fff monitored = 0 entry_point = 0x7ffb4f795080 region_type = mapped_file name = "windows.staterepositorybroker.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll") Region: id = 2483 start_va = 0x7ffb4fb70000 end_va = 0x7ffb50002fff monitored = 0 entry_point = 0x7ffb4fb7f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2484 start_va = 0x7ffb50010000 end_va = 0x7ffb50076fff monitored = 0 entry_point = 0x7ffb5002e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 2485 start_va = 0x7ffb50480000 end_va = 0x7ffb5053dfff monitored = 0 entry_point = 0x7ffb504c2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2486 start_va = 0x7ffb50930000 end_va = 0x7ffb50ab5fff monitored = 0 entry_point = 0x7ffb5097d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2487 start_va = 0x7ffb50ac0000 end_va = 0x7ffb50adbfff monitored = 0 entry_point = 0x7ffb50ac37a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2488 start_va = 0x7ffb50ae0000 end_va = 0x7ffb50b11fff monitored = 0 entry_point = 0x7ffb50aeb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2489 start_va = 0x7ffb50b20000 end_va = 0x7ffb50b32fff monitored = 0 entry_point = 0x7ffb50b22760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2490 start_va = 0x7ffb50c90000 end_va = 0x7ffb50c97fff monitored = 0 entry_point = 0x7ffb50c913e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2491 start_va = 0x7ffb50cd0000 end_va = 0x7ffb50d0ffff monitored = 0 entry_point = 0x7ffb50ce1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2492 start_va = 0x7ffb50e20000 end_va = 0x7ffb50eb5fff monitored = 0 entry_point = 0x7ffb50e45570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2493 start_va = 0x7ffb50ec0000 end_va = 0x7ffb50ee6fff monitored = 0 entry_point = 0x7ffb50ec7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2494 start_va = 0x7ffb50f10000 end_va = 0x7ffb50fb9fff monitored = 0 entry_point = 0x7ffb50f37910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2495 start_va = 0x7ffb50fc0000 end_va = 0x7ffb510bffff monitored = 0 entry_point = 0x7ffb51000f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2496 start_va = 0x7ffb51150000 end_va = 0x7ffb5115bfff monitored = 0 entry_point = 0x7ffb51152480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 2497 start_va = 0x7ffb51220000 end_va = 0x7ffb51251fff monitored = 0 entry_point = 0x7ffb51232340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2498 start_va = 0x7ffb51490000 end_va = 0x7ffb5149bfff monitored = 0 entry_point = 0x7ffb51492790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2499 start_va = 0x7ffb514a0000 end_va = 0x7ffb514c3fff monitored = 0 entry_point = 0x7ffb514a3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2500 start_va = 0x7ffb51640000 end_va = 0x7ffb51733fff monitored = 0 entry_point = 0x7ffb5164a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2501 start_va = 0x7ffb51790000 end_va = 0x7ffb517d8fff monitored = 0 entry_point = 0x7ffb5179a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2502 start_va = 0x7ffb518b0000 end_va = 0x7ffb518bbfff monitored = 0 entry_point = 0x7ffb518b27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2503 start_va = 0x7ffb518f0000 end_va = 0x7ffb518fcfff monitored = 0 entry_point = 0x7ffb518f1fe0 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 2504 start_va = 0x7ffb51990000 end_va = 0x7ffb519c0fff monitored = 0 entry_point = 0x7ffb51997d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2505 start_va = 0x7ffb519f0000 end_va = 0x7ffb51a69fff monitored = 0 entry_point = 0x7ffb51a11a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2506 start_va = 0x7ffb51ab0000 end_va = 0x7ffb51ae3fff monitored = 0 entry_point = 0x7ffb51acae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2507 start_va = 0x7ffb51af0000 end_va = 0x7ffb51af9fff monitored = 0 entry_point = 0x7ffb51af1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2508 start_va = 0x7ffb51c00000 end_va = 0x7ffb51c1efff monitored = 0 entry_point = 0x7ffb51c05d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2509 start_va = 0x7ffb51d70000 end_va = 0x7ffb51dcbfff monitored = 0 entry_point = 0x7ffb51d86f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2510 start_va = 0x7ffb51e20000 end_va = 0x7ffb51e36fff monitored = 0 entry_point = 0x7ffb51e279d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2511 start_va = 0x7ffb51f40000 end_va = 0x7ffb51f4afff monitored = 0 entry_point = 0x7ffb51f419a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2512 start_va = 0x7ffb51f80000 end_va = 0x7ffb51fa0fff monitored = 0 entry_point = 0x7ffb51f90250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2513 start_va = 0x7ffb51fd0000 end_va = 0x7ffb52009fff monitored = 0 entry_point = 0x7ffb51fd8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2514 start_va = 0x7ffb52010000 end_va = 0x7ffb52036fff monitored = 0 entry_point = 0x7ffb52020aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2515 start_va = 0x7ffb52120000 end_va = 0x7ffb5214cfff monitored = 0 entry_point = 0x7ffb52139d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2516 start_va = 0x7ffb522b0000 end_va = 0x7ffb52305fff monitored = 0 entry_point = 0x7ffb522c0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2517 start_va = 0x7ffb52310000 end_va = 0x7ffb52328fff monitored = 0 entry_point = 0x7ffb52315e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2518 start_va = 0x7ffb52330000 end_va = 0x7ffb52358fff monitored = 0 entry_point = 0x7ffb52344530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2519 start_va = 0x7ffb52360000 end_va = 0x7ffb523f8fff monitored = 0 entry_point = 0x7ffb5238f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2520 start_va = 0x7ffb524a0000 end_va = 0x7ffb524b3fff monitored = 0 entry_point = 0x7ffb524a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2521 start_va = 0x7ffb524c0000 end_va = 0x7ffb5250afff monitored = 0 entry_point = 0x7ffb524c35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2522 start_va = 0x7ffb52510000 end_va = 0x7ffb5251ffff monitored = 0 entry_point = 0x7ffb525156e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2523 start_va = 0x7ffb52520000 end_va = 0x7ffb5252efff monitored = 0 entry_point = 0x7ffb52523210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2524 start_va = 0x7ffb52530000 end_va = 0x7ffb52b73fff monitored = 0 entry_point = 0x7ffb526f64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2525 start_va = 0x7ffb52c30000 end_va = 0x7ffb52c84fff monitored = 0 entry_point = 0x7ffb52c47970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2526 start_va = 0x7ffb52c90000 end_va = 0x7ffb52cd2fff monitored = 0 entry_point = 0x7ffb52ca4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2527 start_va = 0x7ffb52ce0000 end_va = 0x7ffb52d94fff monitored = 0 entry_point = 0x7ffb52d222e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2528 start_va = 0x7ffb52da0000 end_va = 0x7ffb52db6fff monitored = 0 entry_point = 0x7ffb52da1390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2529 start_va = 0x7ffb52dc0000 end_va = 0x7ffb52fa7fff monitored = 0 entry_point = 0x7ffb52deba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2530 start_va = 0x7ffb52fb0000 end_va = 0x7ffb53035fff monitored = 0 entry_point = 0x7ffb52fbd8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2531 start_va = 0x7ffb53040000 end_va = 0x7ffb53206fff monitored = 0 entry_point = 0x7ffb5309db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2532 start_va = 0x7ffb53210000 end_va = 0x7ffb53279fff monitored = 0 entry_point = 0x7ffb53246d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2533 start_va = 0x7ffb53280000 end_va = 0x7ffb53326fff monitored = 0 entry_point = 0x7ffb532958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2534 start_va = 0x7ffb53540000 end_va = 0x7ffb53591fff monitored = 0 entry_point = 0x7ffb5354f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2535 start_va = 0x7ffb53700000 end_va = 0x7ffb5379cfff monitored = 0 entry_point = 0x7ffb537078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2536 start_va = 0x7ffb537a0000 end_va = 0x7ffb53925fff monitored = 0 entry_point = 0x7ffb537effc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2537 start_va = 0x7ffb53930000 end_va = 0x7ffb54e8efff monitored = 0 entry_point = 0x7ffb53a911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2538 start_va = 0x7ffb54e90000 end_va = 0x7ffb54fabfff monitored = 0 entry_point = 0x7ffb54ed02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2539 start_va = 0x7ffb55020000 end_va = 0x7ffb55027fff monitored = 0 entry_point = 0x7ffb55021ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2540 start_va = 0x7ffb55050000 end_va = 0x7ffb551a5fff monitored = 0 entry_point = 0x7ffb5505a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2541 start_va = 0x7ffb551c0000 end_va = 0x7ffb555e8fff monitored = 0 entry_point = 0x7ffb551e8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2542 start_va = 0x7ffb555f0000 end_va = 0x7ffb5565afff monitored = 0 entry_point = 0x7ffb556090c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2543 start_va = 0x7ffb55660000 end_va = 0x7ffb557a2fff monitored = 0 entry_point = 0x7ffb55688210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2544 start_va = 0x7ffb55800000 end_va = 0x7ffb55a7cfff monitored = 0 entry_point = 0x7ffb558d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2545 start_va = 0x7ffb55a80000 end_va = 0x7ffb55b26fff monitored = 0 entry_point = 0x7ffb55a8b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2546 start_va = 0x7ffb55b30000 end_va = 0x7ffb55b8bfff monitored = 0 entry_point = 0x7ffb55b4b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2547 start_va = 0x7ffb55b90000 end_va = 0x7ffb55beafff monitored = 0 entry_point = 0x7ffb55ba38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2548 start_va = 0x7ffb55bf0000 end_va = 0x7ffb55cb0fff monitored = 0 entry_point = 0x7ffb55c10da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2549 start_va = 0x7ffb55cc0000 end_va = 0x7ffb55d6cfff monitored = 0 entry_point = 0x7ffb55cd81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2550 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2562 start_va = 0x7a00000 end_va = 0x7b09fff monitored = 0 entry_point = 0x7a67960 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2563 start_va = 0x7a00000 end_va = 0x7b09fff monitored = 0 entry_point = 0x7a67960 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2564 start_va = 0x7a00000 end_va = 0x7b09fff monitored = 0 entry_point = 0x7a67960 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2565 start_va = 0x7a00000 end_va = 0x7b09fff monitored = 0 entry_point = 0x7a67960 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2844 start_va = 0x4ae0000 end_va = 0x4ae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ae0000" filename = "" Region: id = 2973 start_va = 0x4ae0000 end_va = 0x4ae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ae0000" filename = "" Region: id = 3032 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 3033 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 3034 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 3035 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 3036 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 3043 start_va = 0x4ae0000 end_va = 0x4ae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ae0000" filename = "" Thread: id = 188 os_tid = 0xde8 Thread: id = 189 os_tid = 0xde4 Thread: id = 190 os_tid = 0xde0 Thread: id = 191 os_tid = 0xddc Thread: id = 192 os_tid = 0xdd8 Thread: id = 193 os_tid = 0xdd4 Thread: id = 194 os_tid = 0xcdc Thread: id = 195 os_tid = 0xb74 Thread: id = 196 os_tid = 0xb70 Thread: id = 197 os_tid = 0xb5c Thread: id = 198 os_tid = 0xb58 Thread: id = 199 os_tid = 0xb54 Thread: id = 200 os_tid = 0xaec Thread: id = 201 os_tid = 0xae0 Thread: id = 202 os_tid = 0xad8 Thread: id = 203 os_tid = 0xad4 Thread: id = 204 os_tid = 0xaa8 Thread: id = 205 os_tid = 0xa9c Thread: id = 206 os_tid = 0xa94 Thread: id = 207 os_tid = 0xa90 Thread: id = 208 os_tid = 0xa88 Thread: id = 209 os_tid = 0xa74 Thread: id = 210 os_tid = 0xa40 Thread: id = 211 os_tid = 0xa2c Thread: id = 212 os_tid = 0xa24 Thread: id = 213 os_tid = 0xa1c Thread: id = 214 os_tid = 0xa18 Thread: id = 215 os_tid = 0xa08 Thread: id = 216 os_tid = 0xa04 Thread: id = 217 os_tid = 0xa00 Thread: id = 218 os_tid = 0x9f8 Thread: id = 219 os_tid = 0x9f4 Thread: id = 220 os_tid = 0x9f0 Thread: id = 221 os_tid = 0x9ec Thread: id = 222 os_tid = 0x9e8 Thread: id = 223 os_tid = 0x9e4 Thread: id = 224 os_tid = 0x9a0 Thread: id = 225 os_tid = 0x964 Thread: id = 226 os_tid = 0x950 Thread: id = 227 os_tid = 0x8c0 Thread: id = 228 os_tid = 0x4f8 Thread: id = 229 os_tid = 0x704 Thread: id = 230 os_tid = 0x6f8 Thread: id = 231 os_tid = 0x524 Thread: id = 232 os_tid = 0x4d0 Thread: id = 233 os_tid = 0x4c8 Thread: id = 234 os_tid = 0x408 Thread: id = 235 os_tid = 0x580 Thread: id = 236 os_tid = 0x46c Thread: id = 237 os_tid = 0x610 Thread: id = 238 os_tid = 0x5fc Thread: id = 239 os_tid = 0x56c Thread: id = 240 os_tid = 0x4d4 Thread: id = 241 os_tid = 0x48c Thread: id = 242 os_tid = 0x488 Thread: id = 243 os_tid = 0x430 Thread: id = 244 os_tid = 0x428 Thread: id = 245 os_tid = 0x2c8 Thread: id = 246 os_tid = 0x398 Thread: id = 247 os_tid = 0x39c Thread: id = 248 os_tid = 0x338 Thread: id = 249 os_tid = 0x318 Thread: id = 250 os_tid = 0x2e8 Thread: id = 251 os_tid = 0x28c Thread: id = 252 os_tid = 0x16c Thread: id = 253 os_tid = 0x190 Thread: id = 254 os_tid = 0x18c Thread: id = 255 os_tid = 0x120 Thread: id = 256 os_tid = 0x11c Thread: id = 257 os_tid = 0x60 Thread: id = 258 os_tid = 0x3f8 Thread: id = 259 os_tid = 0x3f4 Thread: id = 284 os_tid = 0xf50 Thread: id = 285 os_tid = 0xf54 Thread: id = 286 os_tid = 0xf58 Thread: id = 287 os_tid = 0xf5c Thread: id = 288 os_tid = 0xf60 Process: id = "12" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x4395f000" os_pid = "0xea0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0xd10" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\xlpVvRzhctudF\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010021" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2673 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2674 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2675 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2676 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2677 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2678 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2679 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2680 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2681 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2682 start_va = 0x1220000 end_va = 0x1251fff monitored = 1 entry_point = 0x12405b0 region_type = mapped_file name = "schtasks.exe" filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe") Region: id = 2683 start_va = 0x1260000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001260000" filename = "" Region: id = 2684 start_va = 0x77700000 end_va = 0x7787afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2685 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2686 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2687 start_va = 0x7fff0000 end_va = 0x7dfb55e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2688 start_va = 0x7dfb55e80000 end_va = 0x7ffb55e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfb55e80000" filename = "" Region: id = 2689 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2690 start_va = 0x7ffb56041000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb56041000" filename = "" Region: id = 2710 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2711 start_va = 0x67fa0000 end_va = 0x67feffff monitored = 0 entry_point = 0x67fb8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2712 start_va = 0x67ff0000 end_va = 0x68069fff monitored = 0 entry_point = 0x68003290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2713 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2714 start_va = 0x67f90000 end_va = 0x67f97fff monitored = 0 entry_point = 0x67f917c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2715 start_va = 0x400000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2716 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2717 start_va = 0x76420000 end_va = 0x7659dfff monitored = 0 entry_point = 0x764d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2719 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2720 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2877 start_va = 0x570000 end_va = 0x62dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2878 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2879 start_va = 0x75c00000 end_va = 0x75cbdfff monitored = 0 entry_point = 0x75c35630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2880 start_va = 0x110000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2881 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2882 start_va = 0x74510000 end_va = 0x745a1fff monitored = 0 entry_point = 0x74548cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2883 start_va = 0x76790000 end_va = 0x7694cfff monitored = 0 entry_point = 0x76872a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2884 start_va = 0x76370000 end_va = 0x7641cfff monitored = 0 entry_point = 0x76384f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2885 start_va = 0x74430000 end_va = 0x7444dfff monitored = 0 entry_point = 0x7443b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2886 start_va = 0x74420000 end_va = 0x74429fff monitored = 0 entry_point = 0x74422a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2887 start_va = 0x744b0000 end_va = 0x74507fff monitored = 0 entry_point = 0x744f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2888 start_va = 0x76150000 end_va = 0x76193fff monitored = 0 entry_point = 0x76169d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2889 start_va = 0x630000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 2890 start_va = 0x630000 end_va = 0x719fff monitored = 0 entry_point = 0x66d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2891 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2894 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2895 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2896 start_va = 0x790000 end_va = 0xb8afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2897 start_va = 0xb90000 end_va = 0xec6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2898 start_va = 0x76340000 end_va = 0x7634bfff monitored = 0 entry_point = 0x76343930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 2902 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2903 start_va = 0x74610000 end_va = 0x74693fff monitored = 0 entry_point = 0x74636220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2904 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2907 start_va = 0x6e670000 end_va = 0x6e6fbfff monitored = 0 entry_point = 0x6e6aa6c0 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll") Region: id = 2909 start_va = 0x630000 end_va = 0x70ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 269 os_tid = 0xea4 [0273.345] GetModuleHandleA (lpModuleName=0x0) returned 0x1220000 [0273.345] __set_app_type (_Type=0x1) [0273.345] __p__fmode () returned 0x75cb4d6c [0273.345] __p__commode () returned 0x75cb5b1c [0273.345] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1240840) returned 0x0 [0273.345] __wgetmainargs (in: _Argc=0x124ade0, _Argv=0x124ade4, _Env=0x124ade8, _DoWildCard=0, _StartInfo=0x124adf4 | out: _Argc=0x124ade0, _Argv=0x124ade4, _Env=0x124ade8) returned 0 [0273.346] _onexit (_Func=0x1242bc0) returned 0x1242bc0 [0273.346] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0273.346] WinSqmIsOptedIn () returned 0x0 [0273.346] GetProcessHeap () returned 0x470000 [0273.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477498 [0273.346] RtlRestoreLastWin32Error () returned 0x0 [0273.346] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0273.346] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0273.346] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0273.346] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0273.346] GetProcessHeap () returned 0x470000 [0273.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477450 [0273.346] lstrlenW (lpString="") returned 0 [0273.346] GetProcessHeap () returned 0x470000 [0273.346] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x2) returned 0x470598 [0273.346] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476ec0 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477510 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476c88 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476ca8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476cc8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4768b8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x4774e0 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4768d8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4768f8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476650 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476670 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477408 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x476690 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4727f8 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x472818 [0273.347] GetProcessHeap () returned 0x470000 [0273.347] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x472838 [0273.347] SetThreadUILanguage (LangId=0x0) returned 0x409 [0273.402] RtlRestoreLastWin32Error () returned 0x0 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4794e0 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479380 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479480 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4792c0 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4792e0 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477468 [0273.402] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.402] GetProcessHeap () returned 0x470000 [0273.402] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x208) returned 0x479520 [0273.402] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x479520, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0273.402] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c [0273.404] GetProcessHeap () returned 0x470000 [0273.404] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x776) returned 0x479de0 [0273.404] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x479de0 | out: lpData=0x479de0) returned 1 [0273.404] VerQueryValueW (in: pBlock=0x479de0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x47a190, puLen=0xdfb10) returned 1 [0273.407] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.407] _vsnwprintf (in: _Buffer=0x479520, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0273.407] VerQueryValueW (in: pBlock=0x479de0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x479fc0, puLen=0xdfb18) returned 1 [0273.407] lstrlenW (lpString="schtasks.exe") returned 12 [0273.407] lstrlenW (lpString="schtasks.exe") returned 12 [0273.407] lstrlenW (lpString=".EXE") returned 4 [0273.407] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0273.408] lstrlenW (lpString="schtasks.exe") returned 12 [0273.408] lstrlenW (lpString=".EXE") returned 4 [0273.408] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.408] lstrlenW (lpString="schtasks") returned 8 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4791a0 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479320 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479360 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479340 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477420 [0273.408] _memicmp (_Buf1=0x477420, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0xa0) returned 0x47a690 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4793c0 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4791c0 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479420 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x4774c8 [0273.408] _memicmp (_Buf1=0x4774c8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.408] GetProcessHeap () returned 0x470000 [0273.408] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x200) returned 0x47a738 [0273.409] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x47a738, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0273.409] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0273.409] GetProcessHeap () returned 0x470000 [0273.409] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x30) returned 0x476b28 [0273.409] _vsnwprintf (in: _Buffer=0x47a690, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0273.409] GetProcessHeap () returned 0x470000 [0273.409] GetProcessHeap () returned 0x470000 [0273.409] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479de0) returned 1 [0273.409] GetProcessHeap () returned 0x470000 [0273.409] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479de0) returned 0x776 [0273.409] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479de0) returned 1 [0273.409] RtlRestoreLastWin32Error () returned 0x0 [0273.409] GetThreadLocale () returned 0x409 [0273.409] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.409] lstrlenW (lpString="?") returned 1 [0273.409] GetThreadLocale () returned 0x409 [0273.409] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.409] lstrlenW (lpString="create") returned 6 [0273.409] GetThreadLocale () returned 0x409 [0273.409] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.409] lstrlenW (lpString="delete") returned 6 [0273.409] GetThreadLocale () returned 0x409 [0273.409] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.409] lstrlenW (lpString="query") returned 5 [0273.409] GetThreadLocale () returned 0x409 [0273.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.410] lstrlenW (lpString="change") returned 6 [0273.410] GetThreadLocale () returned 0x409 [0273.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.410] lstrlenW (lpString="run") returned 3 [0273.410] GetThreadLocale () returned 0x409 [0273.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.410] lstrlenW (lpString="end") returned 3 [0273.410] GetThreadLocale () returned 0x409 [0273.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.410] lstrlenW (lpString="showsid") returned 7 [0273.410] GetThreadLocale () returned 0x409 [0273.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.410] RtlRestoreLastWin32Error () returned 0x0 [0273.410] RtlRestoreLastWin32Error () returned 0x0 [0273.410] lstrlenW (lpString="/Create") returned 7 [0273.410] lstrlenW (lpString="-/") returned 2 [0273.410] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.410] lstrlenW (lpString="?") returned 1 [0273.410] lstrlenW (lpString="?") returned 1 [0273.410] GetProcessHeap () returned 0x470000 [0273.410] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477540 [0273.410] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.410] GetProcessHeap () returned 0x470000 [0273.410] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0xa) returned 0x477558 [0273.410] lstrlenW (lpString="Create") returned 6 [0273.410] GetProcessHeap () returned 0x470000 [0273.410] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x477390 [0273.410] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.410] GetProcessHeap () returned 0x470000 [0273.410] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x479240 [0273.410] _vsnwprintf (in: _Buffer=0x477558, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0273.410] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8 [0273.410] lstrlenW (lpString="|?|") returned 3 [0273.410] lstrlenW (lpString="|Create|") returned 8 [0273.410] RtlRestoreLastWin32Error () returned 0x490 [0273.410] lstrlenW (lpString="create") returned 6 [0273.411] lstrlenW (lpString="create") returned 6 [0273.411] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] GetProcessHeap () returned 0x470000 [0273.411] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477558) returned 1 [0273.411] GetProcessHeap () returned 0x470000 [0273.411] RtlReAllocateHeap (Heap=0x470000, Flags=0xc, Ptr=0x477558, Size=0x14) returned 0x479440 [0273.411] lstrlenW (lpString="Create") returned 6 [0273.411] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0273.411] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8 [0273.411] lstrlenW (lpString="|create|") returned 8 [0273.411] lstrlenW (lpString="|Create|") returned 8 [0273.411] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0273.411] RtlRestoreLastWin32Error () returned 0x0 [0273.411] RtlRestoreLastWin32Error () returned 0x0 [0273.411] RtlRestoreLastWin32Error () returned 0x0 [0273.411] lstrlenW (lpString="/TN") returned 3 [0273.411] lstrlenW (lpString="-/") returned 2 [0273.411] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.411] lstrlenW (lpString="?") returned 1 [0273.411] lstrlenW (lpString="?") returned 1 [0273.411] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] lstrlenW (lpString="TN") returned 2 [0273.411] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0273.411] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.411] lstrlenW (lpString="|?|") returned 3 [0273.411] lstrlenW (lpString="|TN|") returned 4 [0273.411] RtlRestoreLastWin32Error () returned 0x490 [0273.411] lstrlenW (lpString="create") returned 6 [0273.411] lstrlenW (lpString="create") returned 6 [0273.411] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] lstrlenW (lpString="TN") returned 2 [0273.411] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.411] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0273.412] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.412] lstrlenW (lpString="|create|") returned 8 [0273.412] lstrlenW (lpString="|TN|") returned 4 [0273.412] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0273.412] RtlRestoreLastWin32Error () returned 0x490 [0273.412] lstrlenW (lpString="delete") returned 6 [0273.412] lstrlenW (lpString="delete") returned 6 [0273.412] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] lstrlenW (lpString="TN") returned 2 [0273.412] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8 [0273.412] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.412] lstrlenW (lpString="|delete|") returned 8 [0273.412] lstrlenW (lpString="|TN|") returned 4 [0273.412] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0273.412] RtlRestoreLastWin32Error () returned 0x490 [0273.412] lstrlenW (lpString="query") returned 5 [0273.412] lstrlenW (lpString="query") returned 5 [0273.412] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] lstrlenW (lpString="TN") returned 2 [0273.412] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7 [0273.412] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.412] lstrlenW (lpString="|query|") returned 7 [0273.412] lstrlenW (lpString="|TN|") returned 4 [0273.412] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0273.412] RtlRestoreLastWin32Error () returned 0x490 [0273.412] lstrlenW (lpString="change") returned 6 [0273.412] lstrlenW (lpString="change") returned 6 [0273.412] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] lstrlenW (lpString="TN") returned 2 [0273.412] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.412] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8 [0273.412] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.412] lstrlenW (lpString="|change|") returned 8 [0273.413] lstrlenW (lpString="|TN|") returned 4 [0273.413] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0273.413] RtlRestoreLastWin32Error () returned 0x490 [0273.413] lstrlenW (lpString="run") returned 3 [0273.413] lstrlenW (lpString="run") returned 3 [0273.413] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] lstrlenW (lpString="TN") returned 2 [0273.413] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5 [0273.413] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.413] lstrlenW (lpString="|run|") returned 5 [0273.413] lstrlenW (lpString="|TN|") returned 4 [0273.413] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0273.413] RtlRestoreLastWin32Error () returned 0x490 [0273.413] lstrlenW (lpString="end") returned 3 [0273.413] lstrlenW (lpString="end") returned 3 [0273.413] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] lstrlenW (lpString="TN") returned 2 [0273.413] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] _vsnwprintf (in: _Buffer=0x479440, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5 [0273.413] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.413] lstrlenW (lpString="|end|") returned 5 [0273.413] lstrlenW (lpString="|TN|") returned 4 [0273.413] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0273.413] RtlRestoreLastWin32Error () returned 0x490 [0273.413] lstrlenW (lpString="showsid") returned 7 [0273.413] lstrlenW (lpString="showsid") returned 7 [0273.413] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] GetProcessHeap () returned 0x470000 [0273.413] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479440) returned 1 [0273.413] GetProcessHeap () returned 0x470000 [0273.413] RtlReAllocateHeap (Heap=0x470000, Flags=0xc, Ptr=0x479440, Size=0x16) returned 0x4793a0 [0273.413] lstrlenW (lpString="TN") returned 2 [0273.413] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.413] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9 [0273.413] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4 [0273.413] lstrlenW (lpString="|showsid|") returned 9 [0273.414] lstrlenW (lpString="|TN|") returned 4 [0273.414] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="/TN") returned 3 [0273.414] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="/TN") returned 3 [0273.414] GetProcessHeap () returned 0x470000 [0273.414] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x8) returned 0x4771a8 [0273.414] GetProcessHeap () returned 0x470000 [0273.414] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4794a0 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.414] lstrlenW (lpString="-/") returned 2 [0273.414] StrChrIW (lpStart="-/", wMatch=0x780055) returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.414] StrChrIW (lpStart="Updates\\xlpVvRzhctudF", wMatch=0x3a) returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x490 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.414] GetProcessHeap () returned 0x470000 [0273.414] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x2c) returned 0x47a940 [0273.414] GetProcessHeap () returned 0x470000 [0273.414] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4792a0 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] RtlRestoreLastWin32Error () returned 0x0 [0273.414] lstrlenW (lpString="/XML") returned 4 [0273.414] lstrlenW (lpString="-/") returned 2 [0273.414] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.414] lstrlenW (lpString="?") returned 1 [0273.414] lstrlenW (lpString="?") returned 1 [0273.414] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.414] lstrlenW (lpString="XML") returned 3 [0273.414] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.414] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3 [0273.415] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.415] lstrlenW (lpString="|?|") returned 3 [0273.415] lstrlenW (lpString="|XML|") returned 5 [0273.415] RtlRestoreLastWin32Error () returned 0x490 [0273.415] lstrlenW (lpString="create") returned 6 [0273.415] lstrlenW (lpString="create") returned 6 [0273.415] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] lstrlenW (lpString="XML") returned 3 [0273.415] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8 [0273.415] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.415] lstrlenW (lpString="|create|") returned 8 [0273.415] lstrlenW (lpString="|XML|") returned 5 [0273.415] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0273.415] RtlRestoreLastWin32Error () returned 0x490 [0273.415] lstrlenW (lpString="delete") returned 6 [0273.415] lstrlenW (lpString="delete") returned 6 [0273.415] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] lstrlenW (lpString="XML") returned 3 [0273.415] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8 [0273.415] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.415] lstrlenW (lpString="|delete|") returned 8 [0273.415] lstrlenW (lpString="|XML|") returned 5 [0273.415] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0273.415] RtlRestoreLastWin32Error () returned 0x490 [0273.415] lstrlenW (lpString="query") returned 5 [0273.415] lstrlenW (lpString="query") returned 5 [0273.415] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] lstrlenW (lpString="XML") returned 3 [0273.415] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.415] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7 [0273.415] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.415] lstrlenW (lpString="|query|") returned 7 [0273.415] lstrlenW (lpString="|XML|") returned 5 [0273.415] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0273.415] RtlRestoreLastWin32Error () returned 0x490 [0273.415] lstrlenW (lpString="change") returned 6 [0273.416] lstrlenW (lpString="change") returned 6 [0273.416] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] lstrlenW (lpString="XML") returned 3 [0273.416] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8 [0273.416] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.416] lstrlenW (lpString="|change|") returned 8 [0273.416] lstrlenW (lpString="|XML|") returned 5 [0273.416] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0273.416] RtlRestoreLastWin32Error () returned 0x490 [0273.416] lstrlenW (lpString="run") returned 3 [0273.416] lstrlenW (lpString="run") returned 3 [0273.416] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] lstrlenW (lpString="XML") returned 3 [0273.416] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5 [0273.416] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.416] lstrlenW (lpString="|run|") returned 5 [0273.416] lstrlenW (lpString="|XML|") returned 5 [0273.416] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0273.416] RtlRestoreLastWin32Error () returned 0x490 [0273.416] lstrlenW (lpString="end") returned 3 [0273.416] lstrlenW (lpString="end") returned 3 [0273.416] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] lstrlenW (lpString="XML") returned 3 [0273.416] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.416] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5 [0273.416] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.416] lstrlenW (lpString="|end|") returned 5 [0273.416] lstrlenW (lpString="|XML|") returned 5 [0273.416] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] lstrlenW (lpString="showsid") returned 7 [0273.417] lstrlenW (lpString="showsid") returned 7 [0273.417] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.417] lstrlenW (lpString="XML") returned 3 [0273.417] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.417] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9 [0273.417] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5 [0273.417] lstrlenW (lpString="|showsid|") returned 9 [0273.417] lstrlenW (lpString="|XML|") returned 5 [0273.417] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] RtlRestoreLastWin32Error () returned 0x0 [0273.417] lstrlenW (lpString="/XML") returned 4 [0273.417] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] RtlRestoreLastWin32Error () returned 0x0 [0273.417] lstrlenW (lpString="/XML") returned 4 [0273.417] GetProcessHeap () returned 0x470000 [0273.417] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0xa) returned 0x477558 [0273.417] GetProcessHeap () returned 0x470000 [0273.417] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4794c0 [0273.417] RtlRestoreLastWin32Error () returned 0x0 [0273.417] RtlRestoreLastWin32Error () returned 0x0 [0273.417] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.417] lstrlenW (lpString="-/") returned 2 [0273.417] StrChrIW (lpStart="-/", wMatch=0x780043) returned 0x0 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] RtlRestoreLastWin32Error () returned 0x490 [0273.417] RtlRestoreLastWin32Error () returned 0x0 [0273.417] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.417] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" [0273.417] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.417] GetProcessHeap () returned 0x470000 [0273.417] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x4773d8 [0273.417] _memicmp (_Buf1=0x4773d8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.417] GetProcessHeap () returned 0x470000 [0273.417] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0xc) returned 0x4773f0 [0273.417] GetProcessHeap () returned 0x470000 [0273.418] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x47aa68 [0273.418] _memicmp (_Buf1=0x47aa68, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x6e) returned 0x47ad80 [0273.418] RtlRestoreLastWin32Error () returned 0x7a [0273.418] RtlRestoreLastWin32Error () returned 0x0 [0273.418] RtlRestoreLastWin32Error () returned 0x0 [0273.418] lstrlenW (lpString="C") returned 1 [0273.418] RtlRestoreLastWin32Error () returned 0x490 [0273.418] RtlRestoreLastWin32Error () returned 0x0 [0273.418] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x6a) returned 0x47adf8 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4793e0 [0273.418] RtlRestoreLastWin32Error () returned 0x0 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4771a8) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4771a8) returned 0x8 [0273.418] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4771a8) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4794a0) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4794a0) returned 0x14 [0273.418] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4794a0) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47a940) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47a940) returned 0x2c [0273.418] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47a940) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] GetProcessHeap () returned 0x470000 [0273.418] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4792a0) returned 1 [0273.418] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4792a0) returned 0x14 [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4792a0) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477558) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477558) returned 0xa [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477558) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4794c0) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4794c0) returned 0x14 [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4794c0) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47adf8) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47adf8) returned 0x6a [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47adf8) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4793e0) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4793e0) returned 0x14 [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4793e0) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477498) returned 1 [0273.419] GetProcessHeap () returned 0x470000 [0273.419] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477498) returned 0x10 [0273.419] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477498) returned 1 [0273.420] RtlRestoreLastWin32Error () returned 0x0 [0273.420] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0273.420] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0273.420] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0273.420] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0273.420] RtlRestoreLastWin32Error () returned 0x0 [0273.420] lstrlenW (lpString="create") returned 6 [0273.420] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0273.420] RtlRestoreLastWin32Error () returned 0x490 [0273.420] RtlRestoreLastWin32Error () returned 0x0 [0273.420] lstrlenW (lpString="create") returned 6 [0273.420] GetProcessHeap () returned 0x470000 [0273.420] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4793e0 [0273.420] GetProcessHeap () returned 0x470000 [0273.420] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x47abd0 [0273.420] _memicmp (_Buf1=0x47abd0, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.420] GetProcessHeap () returned 0x470000 [0273.420] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x16) returned 0x4794a0 [0273.420] RtlRestoreLastWin32Error () returned 0x0 [0273.420] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.420] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x479520, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0273.420] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c [0273.420] GetProcessHeap () returned 0x470000 [0273.420] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x776) returned 0x479de0 [0273.420] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x479de0 | out: lpData=0x479de0) returned 1 [0273.420] VerQueryValueW (in: pBlock=0x479de0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x47a190, puLen=0xdcf78) returned 1 [0273.420] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.420] _vsnwprintf (in: _Buffer=0x479520, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0273.420] VerQueryValueW (in: pBlock=0x479de0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x479fc0, puLen=0xdcf80) returned 1 [0273.421] lstrlenW (lpString="schtasks.exe") returned 12 [0273.421] lstrlenW (lpString="schtasks.exe") returned 12 [0273.421] lstrlenW (lpString=".EXE") returned 4 [0273.421] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0273.421] lstrlenW (lpString="schtasks.exe") returned 12 [0273.421] lstrlenW (lpString=".EXE") returned 4 [0273.421] lstrlenW (lpString="schtasks") returned 8 [0273.421] lstrlenW (lpString="/create") returned 7 [0273.421] _memicmp (_Buf1=0x477468, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.421] _vsnwprintf (in: _Buffer=0x479520, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16 [0273.421] _memicmp (_Buf1=0x477420, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.421] GetProcessHeap () returned 0x470000 [0273.421] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x4792a0 [0273.421] _memicmp (_Buf1=0x4774c8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.421] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x47a738, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0273.421] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0273.421] GetProcessHeap () returned 0x470000 [0273.421] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x30) returned 0x47a940 [0273.421] _vsnwprintf (in: _Buffer=0x47a690, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0273.421] GetProcessHeap () returned 0x470000 [0273.421] GetProcessHeap () returned 0x470000 [0273.421] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479de0) returned 1 [0273.421] GetProcessHeap () returned 0x470000 [0273.421] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479de0) returned 0x776 [0273.421] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479de0) returned 1 [0273.421] RtlRestoreLastWin32Error () returned 0x0 [0273.421] GetThreadLocale () returned 0x409 [0273.421] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.421] lstrlenW (lpString="create") returned 6 [0273.421] GetThreadLocale () returned 0x409 [0273.421] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.421] lstrlenW (lpString="?") returned 1 [0273.421] GetThreadLocale () returned 0x409 [0273.421] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.421] lstrlenW (lpString="s") returned 1 [0273.421] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="u") returned 1 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="p") returned 1 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="ru") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="rp") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="sc") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="mo") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="d") returned 1 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="m") returned 1 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="i") returned 1 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="tn") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="tr") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="st") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.422] lstrlenW (lpString="sd") returned 2 [0273.422] GetThreadLocale () returned 0x409 [0273.422] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="ed") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="it") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="et") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="k") returned 1 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="du") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="ri") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="z") returned 1 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="f") returned 1 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="v1") returned 2 [0273.423] GetThreadLocale () returned 0x409 [0273.423] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.423] lstrlenW (lpString="xml") returned 3 [0273.423] GetThreadLocale () returned 0x409 [0273.424] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.424] lstrlenW (lpString="ec") returned 2 [0273.424] GetThreadLocale () returned 0x409 [0273.424] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.424] lstrlenW (lpString="rl") returned 2 [0273.424] GetThreadLocale () returned 0x409 [0273.424] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.424] lstrlenW (lpString="delay") returned 5 [0273.424] GetThreadLocale () returned 0x409 [0273.424] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.424] lstrlenW (lpString="np") returned 2 [0273.424] GetThreadLocale () returned 0x409 [0273.424] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0273.424] lstrlenW (lpString="hresult") returned 7 [0273.424] RtlRestoreLastWin32Error () returned 0x0 [0273.424] RtlRestoreLastWin32Error () returned 0x0 [0273.424] lstrlenW (lpString="/Create") returned 7 [0273.424] lstrlenW (lpString="-/") returned 2 [0273.424] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.424] lstrlenW (lpString="create") returned 6 [0273.424] lstrlenW (lpString="create") returned 6 [0273.424] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.424] lstrlenW (lpString="Create") returned 6 [0273.424] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.424] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0273.424] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8 [0273.424] lstrlenW (lpString="|create|") returned 8 [0273.424] lstrlenW (lpString="|Create|") returned 8 [0273.424] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0273.424] RtlRestoreLastWin32Error () returned 0x0 [0273.424] RtlRestoreLastWin32Error () returned 0x0 [0273.424] RtlRestoreLastWin32Error () returned 0x0 [0273.424] lstrlenW (lpString="/TN") returned 3 [0273.424] lstrlenW (lpString="-/") returned 2 [0273.424] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.424] lstrlenW (lpString="create") returned 6 [0273.424] lstrlenW (lpString="create") returned 6 [0273.425] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] lstrlenW (lpString="TN") returned 2 [0273.425] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0273.425] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.425] lstrlenW (lpString="|create|") returned 8 [0273.425] lstrlenW (lpString="|TN|") returned 4 [0273.425] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0273.425] RtlRestoreLastWin32Error () returned 0x490 [0273.425] lstrlenW (lpString="?") returned 1 [0273.425] lstrlenW (lpString="?") returned 1 [0273.425] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] lstrlenW (lpString="TN") returned 2 [0273.425] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3 [0273.425] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.425] lstrlenW (lpString="|?|") returned 3 [0273.425] lstrlenW (lpString="|TN|") returned 4 [0273.425] RtlRestoreLastWin32Error () returned 0x490 [0273.425] lstrlenW (lpString="s") returned 1 [0273.425] lstrlenW (lpString="s") returned 1 [0273.425] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] lstrlenW (lpString="TN") returned 2 [0273.425] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3 [0273.425] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.425] lstrlenW (lpString="|s|") returned 3 [0273.425] lstrlenW (lpString="|TN|") returned 4 [0273.425] RtlRestoreLastWin32Error () returned 0x490 [0273.425] lstrlenW (lpString="u") returned 1 [0273.425] lstrlenW (lpString="u") returned 1 [0273.425] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] lstrlenW (lpString="TN") returned 2 [0273.425] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.425] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3 [0273.426] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.426] lstrlenW (lpString="|u|") returned 3 [0273.426] lstrlenW (lpString="|TN|") returned 4 [0273.426] RtlRestoreLastWin32Error () returned 0x490 [0273.426] lstrlenW (lpString="p") returned 1 [0273.426] lstrlenW (lpString="p") returned 1 [0273.426] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] lstrlenW (lpString="TN") returned 2 [0273.426] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3 [0273.426] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.426] lstrlenW (lpString="|p|") returned 3 [0273.426] lstrlenW (lpString="|TN|") returned 4 [0273.426] RtlRestoreLastWin32Error () returned 0x490 [0273.426] lstrlenW (lpString="ru") returned 2 [0273.426] lstrlenW (lpString="ru") returned 2 [0273.426] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] lstrlenW (lpString="TN") returned 2 [0273.426] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4 [0273.426] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.426] lstrlenW (lpString="|ru|") returned 4 [0273.426] lstrlenW (lpString="|TN|") returned 4 [0273.426] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0 [0273.426] RtlRestoreLastWin32Error () returned 0x490 [0273.426] lstrlenW (lpString="rp") returned 2 [0273.426] lstrlenW (lpString="rp") returned 2 [0273.426] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] lstrlenW (lpString="TN") returned 2 [0273.426] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.426] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4 [0273.427] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.427] lstrlenW (lpString="|rp|") returned 4 [0273.427] lstrlenW (lpString="|TN|") returned 4 [0273.427] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0 [0273.427] RtlRestoreLastWin32Error () returned 0x490 [0273.427] lstrlenW (lpString="sc") returned 2 [0273.427] lstrlenW (lpString="sc") returned 2 [0273.427] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] lstrlenW (lpString="TN") returned 2 [0273.427] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4 [0273.427] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.427] lstrlenW (lpString="|sc|") returned 4 [0273.427] lstrlenW (lpString="|TN|") returned 4 [0273.427] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0 [0273.427] RtlRestoreLastWin32Error () returned 0x490 [0273.427] lstrlenW (lpString="mo") returned 2 [0273.427] lstrlenW (lpString="mo") returned 2 [0273.427] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] lstrlenW (lpString="TN") returned 2 [0273.427] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4 [0273.427] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.427] lstrlenW (lpString="|mo|") returned 4 [0273.427] lstrlenW (lpString="|TN|") returned 4 [0273.427] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0 [0273.427] RtlRestoreLastWin32Error () returned 0x490 [0273.427] lstrlenW (lpString="d") returned 1 [0273.427] lstrlenW (lpString="d") returned 1 [0273.427] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] lstrlenW (lpString="TN") returned 2 [0273.427] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.427] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3 [0273.427] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.427] lstrlenW (lpString="|d|") returned 3 [0273.427] lstrlenW (lpString="|TN|") returned 4 [0273.428] RtlRestoreLastWin32Error () returned 0x490 [0273.428] lstrlenW (lpString="m") returned 1 [0273.428] lstrlenW (lpString="m") returned 1 [0273.428] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] lstrlenW (lpString="TN") returned 2 [0273.428] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3 [0273.428] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.428] lstrlenW (lpString="|m|") returned 3 [0273.428] lstrlenW (lpString="|TN|") returned 4 [0273.428] RtlRestoreLastWin32Error () returned 0x490 [0273.428] lstrlenW (lpString="i") returned 1 [0273.428] lstrlenW (lpString="i") returned 1 [0273.428] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] lstrlenW (lpString="TN") returned 2 [0273.428] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3 [0273.428] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.428] lstrlenW (lpString="|i|") returned 3 [0273.428] lstrlenW (lpString="|TN|") returned 4 [0273.428] RtlRestoreLastWin32Error () returned 0x490 [0273.428] lstrlenW (lpString="tn") returned 2 [0273.428] lstrlenW (lpString="tn") returned 2 [0273.428] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] lstrlenW (lpString="TN") returned 2 [0273.428] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.428] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4 [0273.428] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4 [0273.428] lstrlenW (lpString="|tn|") returned 4 [0273.428] lstrlenW (lpString="|TN|") returned 4 [0273.428] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0273.428] RtlRestoreLastWin32Error () returned 0x0 [0273.429] RtlRestoreLastWin32Error () returned 0x0 [0273.429] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.429] lstrlenW (lpString="-/") returned 2 [0273.429] StrChrIW (lpStart="-/", wMatch=0x780055) returned 0x0 [0273.429] RtlRestoreLastWin32Error () returned 0x490 [0273.429] RtlRestoreLastWin32Error () returned 0x490 [0273.429] RtlRestoreLastWin32Error () returned 0x0 [0273.429] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.429] StrChrIW (lpStart="Updates\\xlpVvRzhctudF", wMatch=0x3a) returned 0x0 [0273.429] RtlRestoreLastWin32Error () returned 0x490 [0273.429] RtlRestoreLastWin32Error () returned 0x0 [0273.429] lstrlenW (lpString="Updates\\xlpVvRzhctudF") returned 21 [0273.429] RtlRestoreLastWin32Error () returned 0x0 [0273.429] RtlRestoreLastWin32Error () returned 0x0 [0273.429] lstrlenW (lpString="/XML") returned 4 [0273.429] lstrlenW (lpString="-/") returned 2 [0273.429] StrChrIW (lpStart="-/", wMatch=0x78002f) returned="/" [0273.429] lstrlenW (lpString="create") returned 6 [0273.429] lstrlenW (lpString="create") returned 6 [0273.429] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.429] lstrlenW (lpString="XML") returned 3 [0273.429] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.429] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8 [0273.429] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.429] lstrlenW (lpString="|create|") returned 8 [0273.429] lstrlenW (lpString="|XML|") returned 5 [0273.429] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0273.429] RtlRestoreLastWin32Error () returned 0x490 [0273.429] lstrlenW (lpString="?") returned 1 [0273.429] lstrlenW (lpString="?") returned 1 [0273.429] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.429] lstrlenW (lpString="XML") returned 3 [0273.429] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.429] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3 [0273.429] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.429] lstrlenW (lpString="|?|") returned 3 [0273.429] lstrlenW (lpString="|XML|") returned 5 [0273.429] RtlRestoreLastWin32Error () returned 0x490 [0273.429] lstrlenW (lpString="s") returned 1 [0273.430] lstrlenW (lpString="s") returned 1 [0273.430] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] lstrlenW (lpString="XML") returned 3 [0273.430] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3 [0273.430] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.430] lstrlenW (lpString="|s|") returned 3 [0273.430] lstrlenW (lpString="|XML|") returned 5 [0273.430] RtlRestoreLastWin32Error () returned 0x490 [0273.430] lstrlenW (lpString="u") returned 1 [0273.430] lstrlenW (lpString="u") returned 1 [0273.430] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] lstrlenW (lpString="XML") returned 3 [0273.430] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3 [0273.430] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.430] lstrlenW (lpString="|u|") returned 3 [0273.430] lstrlenW (lpString="|XML|") returned 5 [0273.430] RtlRestoreLastWin32Error () returned 0x490 [0273.430] lstrlenW (lpString="p") returned 1 [0273.430] lstrlenW (lpString="p") returned 1 [0273.430] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] lstrlenW (lpString="XML") returned 3 [0273.430] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3 [0273.430] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.430] lstrlenW (lpString="|p|") returned 3 [0273.430] lstrlenW (lpString="|XML|") returned 5 [0273.430] RtlRestoreLastWin32Error () returned 0x490 [0273.430] lstrlenW (lpString="ru") returned 2 [0273.430] lstrlenW (lpString="ru") returned 2 [0273.430] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] lstrlenW (lpString="XML") returned 3 [0273.430] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.430] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4 [0273.430] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.431] lstrlenW (lpString="|ru|") returned 4 [0273.431] lstrlenW (lpString="|XML|") returned 5 [0273.431] RtlRestoreLastWin32Error () returned 0x490 [0273.431] lstrlenW (lpString="rp") returned 2 [0273.431] lstrlenW (lpString="rp") returned 2 [0273.431] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] lstrlenW (lpString="XML") returned 3 [0273.431] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4 [0273.431] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.431] lstrlenW (lpString="|rp|") returned 4 [0273.431] lstrlenW (lpString="|XML|") returned 5 [0273.431] RtlRestoreLastWin32Error () returned 0x490 [0273.431] lstrlenW (lpString="sc") returned 2 [0273.431] lstrlenW (lpString="sc") returned 2 [0273.431] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] lstrlenW (lpString="XML") returned 3 [0273.431] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4 [0273.431] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.431] lstrlenW (lpString="|sc|") returned 4 [0273.431] lstrlenW (lpString="|XML|") returned 5 [0273.431] RtlRestoreLastWin32Error () returned 0x490 [0273.431] lstrlenW (lpString="mo") returned 2 [0273.431] lstrlenW (lpString="mo") returned 2 [0273.431] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] lstrlenW (lpString="XML") returned 3 [0273.431] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.431] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4 [0273.431] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.431] lstrlenW (lpString="|mo|") returned 4 [0273.431] lstrlenW (lpString="|XML|") returned 5 [0273.431] RtlRestoreLastWin32Error () returned 0x490 [0273.431] lstrlenW (lpString="d") returned 1 [0273.431] lstrlenW (lpString="d") returned 1 [0273.431] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] lstrlenW (lpString="XML") returned 3 [0273.432] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3 [0273.432] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.432] lstrlenW (lpString="|d|") returned 3 [0273.432] lstrlenW (lpString="|XML|") returned 5 [0273.432] RtlRestoreLastWin32Error () returned 0x490 [0273.432] lstrlenW (lpString="m") returned 1 [0273.432] lstrlenW (lpString="m") returned 1 [0273.432] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] lstrlenW (lpString="XML") returned 3 [0273.432] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3 [0273.432] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.432] lstrlenW (lpString="|m|") returned 3 [0273.432] lstrlenW (lpString="|XML|") returned 5 [0273.432] RtlRestoreLastWin32Error () returned 0x490 [0273.432] lstrlenW (lpString="i") returned 1 [0273.432] lstrlenW (lpString="i") returned 1 [0273.432] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] lstrlenW (lpString="XML") returned 3 [0273.432] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3 [0273.432] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.432] lstrlenW (lpString="|i|") returned 3 [0273.432] lstrlenW (lpString="|XML|") returned 5 [0273.432] RtlRestoreLastWin32Error () returned 0x490 [0273.432] lstrlenW (lpString="tn") returned 2 [0273.432] lstrlenW (lpString="tn") returned 2 [0273.432] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] lstrlenW (lpString="XML") returned 3 [0273.432] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.432] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4 [0273.432] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.433] lstrlenW (lpString="|tn|") returned 4 [0273.433] lstrlenW (lpString="|XML|") returned 5 [0273.433] RtlRestoreLastWin32Error () returned 0x490 [0273.433] lstrlenW (lpString="tr") returned 2 [0273.433] lstrlenW (lpString="tr") returned 2 [0273.433] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] lstrlenW (lpString="XML") returned 3 [0273.433] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4 [0273.433] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.433] lstrlenW (lpString="|tr|") returned 4 [0273.433] lstrlenW (lpString="|XML|") returned 5 [0273.433] RtlRestoreLastWin32Error () returned 0x490 [0273.433] lstrlenW (lpString="st") returned 2 [0273.433] lstrlenW (lpString="st") returned 2 [0273.433] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] lstrlenW (lpString="XML") returned 3 [0273.433] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4 [0273.433] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.433] lstrlenW (lpString="|st|") returned 4 [0273.433] lstrlenW (lpString="|XML|") returned 5 [0273.433] RtlRestoreLastWin32Error () returned 0x490 [0273.433] lstrlenW (lpString="sd") returned 2 [0273.433] lstrlenW (lpString="sd") returned 2 [0273.433] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] lstrlenW (lpString="XML") returned 3 [0273.433] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.433] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4 [0273.433] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.433] lstrlenW (lpString="|sd|") returned 4 [0273.433] lstrlenW (lpString="|XML|") returned 5 [0273.433] RtlRestoreLastWin32Error () returned 0x490 [0273.433] lstrlenW (lpString="ed") returned 2 [0273.433] lstrlenW (lpString="ed") returned 2 [0273.433] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] lstrlenW (lpString="XML") returned 3 [0273.434] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4 [0273.434] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.434] lstrlenW (lpString="|ed|") returned 4 [0273.434] lstrlenW (lpString="|XML|") returned 5 [0273.434] RtlRestoreLastWin32Error () returned 0x490 [0273.434] lstrlenW (lpString="it") returned 2 [0273.434] lstrlenW (lpString="it") returned 2 [0273.434] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] lstrlenW (lpString="XML") returned 3 [0273.434] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4 [0273.434] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.434] lstrlenW (lpString="|it|") returned 4 [0273.434] lstrlenW (lpString="|XML|") returned 5 [0273.434] RtlRestoreLastWin32Error () returned 0x490 [0273.434] lstrlenW (lpString="et") returned 2 [0273.434] lstrlenW (lpString="et") returned 2 [0273.434] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] lstrlenW (lpString="XML") returned 3 [0273.434] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4 [0273.434] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.434] lstrlenW (lpString="|et|") returned 4 [0273.434] lstrlenW (lpString="|XML|") returned 5 [0273.434] RtlRestoreLastWin32Error () returned 0x490 [0273.434] lstrlenW (lpString="k") returned 1 [0273.434] lstrlenW (lpString="k") returned 1 [0273.434] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] lstrlenW (lpString="XML") returned 3 [0273.434] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.434] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3 [0273.434] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.434] lstrlenW (lpString="|k|") returned 3 [0273.434] lstrlenW (lpString="|XML|") returned 5 [0273.434] RtlRestoreLastWin32Error () returned 0x490 [0273.435] lstrlenW (lpString="du") returned 2 [0273.435] lstrlenW (lpString="du") returned 2 [0273.435] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] lstrlenW (lpString="XML") returned 3 [0273.435] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4 [0273.435] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.435] lstrlenW (lpString="|du|") returned 4 [0273.435] lstrlenW (lpString="|XML|") returned 5 [0273.435] RtlRestoreLastWin32Error () returned 0x490 [0273.435] lstrlenW (lpString="ri") returned 2 [0273.435] lstrlenW (lpString="ri") returned 2 [0273.435] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] lstrlenW (lpString="XML") returned 3 [0273.435] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4 [0273.435] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.435] lstrlenW (lpString="|ri|") returned 4 [0273.435] lstrlenW (lpString="|XML|") returned 5 [0273.435] RtlRestoreLastWin32Error () returned 0x490 [0273.435] lstrlenW (lpString="z") returned 1 [0273.435] lstrlenW (lpString="z") returned 1 [0273.435] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] lstrlenW (lpString="XML") returned 3 [0273.435] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3 [0273.435] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.435] lstrlenW (lpString="|z|") returned 3 [0273.435] lstrlenW (lpString="|XML|") returned 5 [0273.435] RtlRestoreLastWin32Error () returned 0x490 [0273.435] lstrlenW (lpString="f") returned 1 [0273.435] lstrlenW (lpString="f") returned 1 [0273.435] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] lstrlenW (lpString="XML") returned 3 [0273.435] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.435] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3 [0273.436] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.436] lstrlenW (lpString="|f|") returned 3 [0273.436] lstrlenW (lpString="|XML|") returned 5 [0273.436] RtlRestoreLastWin32Error () returned 0x490 [0273.436] lstrlenW (lpString="v1") returned 2 [0273.436] lstrlenW (lpString="v1") returned 2 [0273.436] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.436] lstrlenW (lpString="XML") returned 3 [0273.436] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.436] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4 [0273.436] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.436] lstrlenW (lpString="|v1|") returned 4 [0273.436] lstrlenW (lpString="|XML|") returned 5 [0273.436] RtlRestoreLastWin32Error () returned 0x490 [0273.436] lstrlenW (lpString="xml") returned 3 [0273.436] lstrlenW (lpString="xml") returned 3 [0273.436] _memicmp (_Buf1=0x477540, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.436] lstrlenW (lpString="XML") returned 3 [0273.436] _memicmp (_Buf1=0x477390, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.436] _vsnwprintf (in: _Buffer=0x4793a0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5 [0273.436] _vsnwprintf (in: _Buffer=0x479240, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5 [0273.436] lstrlenW (lpString="|xml|") returned 5 [0273.437] lstrlenW (lpString="|XML|") returned 5 [0273.437] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|" [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] lstrlenW (lpString="-/") returned 2 [0273.437] StrChrIW (lpStart="-/", wMatch=0x780043) returned 0x0 [0273.437] RtlRestoreLastWin32Error () returned 0x490 [0273.437] RtlRestoreLastWin32Error () returned 0x490 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] _memicmp (_Buf1=0x4773d8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.437] _memicmp (_Buf1=0x47aa68, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.437] RtlRestoreLastWin32Error () returned 0x7a [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] lstrlenW (lpString="C") returned 1 [0273.437] RtlRestoreLastWin32Error () returned 0x490 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] GetProcessHeap () returned 0x470000 [0273.437] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x6a) returned 0x47adf8 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.437] RtlRestoreLastWin32Error () returned 0x0 [0273.437] GetProcessHeap () returned 0x470000 [0273.437] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x1fc) returned 0x479de0 [0273.438] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0273.462] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0273.504] CoCreateInstance (in: rclsid=0x12226c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x12226d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x7837c8) returned 0x0 [0273.560] TaskScheduler:ITaskService:Connect (This=0x7837c8, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0273.670] TaskScheduler:ITaskService:GetFolder (in: This=0x7837c8, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x7838f0) returned 0x0 [0273.673] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp433e.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xffffffff [0273.673] GetLastError () returned 0x2 [0273.673] __iob_func () returned 0x75cb1208 [0273.673] GetLastError () returned 0x2 [0273.673] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0xdcd80, nSize=0x0, Arguments=0x0 | out: lpBuffer="馸H퐄\r냖ģ\r") returned 0x2c [0273.676] GetLastError () returned 0x2 [0273.676] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x470598) returned 1 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x470598) returned 0x2 [0273.677] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x470598) returned 1 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x5a) returned 0x489a20 [0273.677] RtlRestoreLastWin32Error () returned 0x2 [0273.677] LocalFree (hMem=0x4899b8) returned 0x0 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x14) returned 0x481818 [0273.677] _memicmp (_Buf1=0x4774c8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.677] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x47a738, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0273.677] lstrlenW (lpString="ERROR:") returned 6 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0xe) returned 0x47a9f0 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x10) returned 0x47abe8 [0273.677] _memicmp (_Buf1=0x47abe8, _Buf2=0x1222708, _Size=0x7) returned 0 [0273.677] GetProcessHeap () returned 0x470000 [0273.677] RtlAllocateHeap (HeapHandle=0x470000, Flags=0xc, Size=0x1000) returned 0x48ae08 [0273.677] _vsnwprintf (in: _Buffer=0x48ae08, _BufferCount=0x7ff, _Format="%s ", _ArgList=0xdcd84 | out: _Buffer="ERROR: ") returned 7 [0273.677] _fileno (_File=0x75cb1248) returned 2 [0273.677] _errno () returned 0x7805b0 [0273.677] _get_osfhandle (_FileHandle=2) returned 0x40 [0273.677] _errno () returned 0x7805b0 [0273.677] GetFileType (hFile=0x40) returned 0x2 [0273.677] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0273.677] GetFileType (hFile=0x40) returned 0x2 [0273.678] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0xdcd2c | out: lpMode=0xdcd2c) returned 1 [0273.719] __iob_func () returned 0x75cb1208 [0273.719] __iob_func () returned 0x75cb1208 [0273.719] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0273.720] lstrlenW (lpString="ERROR: ") returned 7 [0273.749] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x48ae08*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xdcd50, lpReserved=0x0 | out: lpBuffer=0x48ae08*, lpNumberOfCharsWritten=0xdcd50*=0x7) returned 1 [0273.818] _fileno (_File=0x75cb1248) returned 2 [0273.823] _errno () returned 0x7805b0 [0273.823] _get_osfhandle (_FileHandle=2) returned 0x40 [0273.823] _errno () returned 0x7805b0 [0273.823] GetFileType (hFile=0x40) returned 0x2 [0273.823] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0273.823] GetFileType (hFile=0x40) returned 0x2 [0273.823] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0xdcd58 | out: lpMode=0xdcd58) returned 1 [0273.894] __iob_func () returned 0x75cb1208 [0273.894] __iob_func () returned 0x75cb1208 [0273.894] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0273.894] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0273.894] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x489a20*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0xdcd7c, lpReserved=0x0 | out: lpBuffer=0x489a20*, lpNumberOfCharsWritten=0xdcd7c*=0x2c) returned 1 [0273.973] TaskScheduler:IUnknown:Release (This=0x7838f0) returned 0x0 [0273.973] TaskScheduler:IUnknown:Release (This=0x7837c8) returned 0x0 [0273.973] lstrlenW (lpString="") returned 0 [0273.973] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp") returned 52 [0273.973] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp433E.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0273.973] GetProcessHeap () returned 0x470000 [0273.973] GetProcessHeap () returned 0x470000 [0273.973] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479de0) returned 1 [0273.973] GetProcessHeap () returned 0x470000 [0273.973] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479de0) returned 0x1fc [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479de0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47adf8) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47adf8) returned 0x6a [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47adf8) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4794a0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4794a0) returned 0x16 [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4794a0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47abd0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47abd0) returned 0x10 [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47abd0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4793e0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4793e0) returned 0x14 [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4793e0) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47a690) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47a690) returned 0xa0 [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47a690) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477420) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477420) returned 0x10 [0273.974] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477420) returned 1 [0273.974] GetProcessHeap () returned 0x470000 [0273.974] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479340) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479340) returned 0x14 [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479340) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47ad80) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47ad80) returned 0x6e [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47ad80) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47aa68) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47aa68) returned 0x10 [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47aa68) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479320) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479320) returned 0x14 [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479320) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4773f0) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4773f0) returned 0xc [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4773f0) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4773d8) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4773d8) returned 0x10 [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4773d8) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4791a0) returned 1 [0273.975] GetProcessHeap () returned 0x470000 [0273.975] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4791a0) returned 0x14 [0273.975] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4791a0) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479520) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479520) returned 0x208 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479520) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477468) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477468) returned 0x10 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477468) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4792e0) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4792e0) returned 0x14 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4792e0) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47a738) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47a738) returned 0x200 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47a738) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4774c8) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4774c8) returned 0x10 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4774c8) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479380) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479380) returned 0x14 [0273.976] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479380) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x48ae08) returned 1 [0273.976] GetProcessHeap () returned 0x470000 [0273.976] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x48ae08) returned 0x1000 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x48ae08) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47abe8) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47abe8) returned 0x10 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47abe8) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4794e0) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4794e0) returned 0x14 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4794e0) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479240) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479240) returned 0x14 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479240) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477390) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477390) returned 0x10 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477390) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4727f8) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4727f8) returned 0x14 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4727f8) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4793a0) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4793a0) returned 0x16 [0273.977] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4793a0) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477540) returned 1 [0273.977] GetProcessHeap () returned 0x470000 [0273.977] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477540) returned 0x10 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477540) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476690) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476690) returned 0x14 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476690) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x489a20) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x489a20) returned 0x5a [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x489a20) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476ec0) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476ec0) returned 0x14 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476ec0) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476c88) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476c88) returned 0x14 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476c88) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476ca8) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476ca8) returned 0x14 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476ca8) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476cc8) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476cc8) returned 0x14 [0273.978] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476cc8) returned 1 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] GetProcessHeap () returned 0x470000 [0273.978] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4793c0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4793c0) returned 0x14 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4793c0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4791c0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4791c0) returned 0x14 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4791c0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476b28) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476b28) returned 0x30 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476b28) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479420) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479420) returned 0x14 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479420) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47a940) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47a940) returned 0x30 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47a940) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4792a0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4792a0) returned 0x14 [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4792a0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x47a9f0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x47a9f0) returned 0xe [0273.979] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x47a9f0) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] GetProcessHeap () returned 0x470000 [0273.979] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x481818) returned 1 [0273.979] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x481818) returned 0x14 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x481818) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477510) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477510) returned 0x10 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477510) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4768b8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4768b8) returned 0x14 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4768b8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4768d8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4768d8) returned 0x14 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4768d8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4768f8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4768f8) returned 0x14 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4768f8) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476650) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476650) returned 0x14 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476650) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4774e0) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4774e0) returned 0x10 [0273.980] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4774e0) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] GetProcessHeap () returned 0x470000 [0273.980] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x476670) returned 1 [0273.980] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x476670) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x476670) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x472818) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x472818) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x472818) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479480) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479480) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479480) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x4792c0) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x4792c0) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x4792c0) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x479360) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x479360) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x479360) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477408) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477408) returned 0x10 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477408) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x472838) returned 1 [0273.981] GetProcessHeap () returned 0x470000 [0273.981] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x472838) returned 0x14 [0273.981] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x472838) returned 1 [0273.982] GetProcessHeap () returned 0x470000 [0273.982] GetProcessHeap () returned 0x470000 [0273.982] HeapValidate (hHeap=0x470000, dwFlags=0x0, lpMem=0x477450) returned 1 [0273.982] GetProcessHeap () returned 0x470000 [0273.982] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x477450) returned 0x10 [0273.982] RtlFreeHeap (HeapHandle=0x470000, Flags=0x0, BaseAddress=0x477450) returned 1 [0273.982] exit (_Code=1) Thread: id = 280 os_tid = 0xedc Process: id = "13" image_name = "kpruegc.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe" page_root = "0x325ac000" os_pid = "0xea8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0xd10" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010021" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2694 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2695 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2696 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2697 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2698 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2699 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2700 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2701 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2702 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2703 start_va = 0x400000 end_va = 0x4b9fff monitored = 1 entry_point = 0x4a4d76 region_type = mapped_file name = "kpruegc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe") Region: id = 2704 start_va = 0x77700000 end_va = 0x7787afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2705 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2706 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2707 start_va = 0x7fff0000 end_va = 0x7ffb55e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2708 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2709 start_va = 0x7ffb56041000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb56041000" filename = "" Region: id = 2718 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2732 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2733 start_va = 0x67fa0000 end_va = 0x67feffff monitored = 0 entry_point = 0x67fb8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2734 start_va = 0x67ff0000 end_va = 0x68069fff monitored = 0 entry_point = 0x68003290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2735 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2736 start_va = 0x67f90000 end_va = 0x67f97fff monitored = 0 entry_point = 0x67f917c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2737 start_va = 0x500000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2738 start_va = 0x70c30000 end_va = 0x70c88fff monitored = 1 entry_point = 0x70c40780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 2739 start_va = 0x765a0000 end_va = 0x7667ffff monitored = 0 entry_point = 0x765b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2740 start_va = 0x76420000 end_va = 0x7659dfff monitored = 0 entry_point = 0x764d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2741 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2742 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2743 start_va = 0x6b0000 end_va = 0x76dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2744 start_va = 0x770000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2745 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2746 start_va = 0x761a0000 end_va = 0x7621afff monitored = 0 entry_point = 0x761be970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2747 start_va = 0x75c00000 end_va = 0x75cbdfff monitored = 0 entry_point = 0x75c35630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2748 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2749 start_va = 0x770000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2750 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 2751 start_va = 0x76150000 end_va = 0x76193fff monitored = 0 entry_point = 0x76169d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2752 start_va = 0x76370000 end_va = 0x7641cfff monitored = 0 entry_point = 0x76384f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2753 start_va = 0x74430000 end_va = 0x7444dfff monitored = 0 entry_point = 0x7443b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2754 start_va = 0x74420000 end_va = 0x74429fff monitored = 0 entry_point = 0x74422a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2755 start_va = 0x744b0000 end_va = 0x74507fff monitored = 0 entry_point = 0x744f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2756 start_va = 0x1d0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2757 start_va = 0x70bb0000 end_va = 0x70c28fff monitored = 1 entry_point = 0x70bbf82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2758 start_va = 0x745c0000 end_va = 0x74604fff monitored = 0 entry_point = 0x745dde90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2759 start_va = 0x76790000 end_va = 0x7694cfff monitored = 0 entry_point = 0x76872a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2760 start_va = 0x77580000 end_va = 0x776cefff monitored = 0 entry_point = 0x77636820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2761 start_va = 0x773e0000 end_va = 0x77526fff monitored = 0 entry_point = 0x773f1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2762 start_va = 0x480000 end_va = 0x4a9fff monitored = 0 entry_point = 0x485680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2763 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 2764 start_va = 0x776d0000 end_va = 0x776fafff monitored = 0 entry_point = 0x776d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2772 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2773 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2774 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2775 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 2776 start_va = 0xbd0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 2777 start_va = 0x1fd0000 end_va = 0x2084fff monitored = 1 entry_point = 0x2074d76 region_type = mapped_file name = "kpruegc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe") Region: id = 2778 start_va = 0x76340000 end_va = 0x7634bfff monitored = 0 entry_point = 0x76343930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 2779 start_va = 0x70ba0000 end_va = 0x70ba7fff monitored = 0 entry_point = 0x70ba17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2780 start_va = 0x1fd0000 end_va = 0x2680fff monitored = 1 entry_point = 0x1fe5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2781 start_va = 0x704e0000 end_va = 0x70b90fff monitored = 1 entry_point = 0x704f5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2782 start_va = 0x703e0000 end_va = 0x704d4fff monitored = 0 entry_point = 0x70434160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 2810 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2811 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2812 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2813 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2814 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2815 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2816 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2817 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2818 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2819 start_va = 0x5b0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2820 start_va = 0x510000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2821 start_va = 0x1fd0000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 2822 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2823 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2824 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2825 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2826 start_va = 0x2140000 end_va = 0x413ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 2827 start_va = 0x4140000 end_va = 0x41dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 2828 start_va = 0x1fd0000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 2829 start_va = 0x2030000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2830 start_va = 0x41e0000 end_va = 0x42dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 2852 start_va = 0x42e0000 end_va = 0x4616fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2853 start_va = 0x6f1b0000 end_va = 0x703d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 2873 start_va = 0x77120000 end_va = 0x7720afff monitored = 0 entry_point = 0x7715d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2874 start_va = 0x4620000 end_va = 0x46b0fff monitored = 0 entry_point = 0x4658cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2875 start_va = 0x6f130000 end_va = 0x6f1a4fff monitored = 0 entry_point = 0x6f169a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2876 start_va = 0x4620000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 2892 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2893 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2899 start_va = 0x6f0b0000 end_va = 0x6f12dfff monitored = 1 entry_point = 0x6f0b1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2900 start_va = 0x74510000 end_va = 0x745a1fff monitored = 0 entry_point = 0x74548cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2901 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2905 start_va = 0x6e700000 end_va = 0x6f0abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 2906 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2908 start_va = 0x6e4e0000 end_va = 0x6e66cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 2910 start_va = 0x6d880000 end_va = 0x6e4d8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 2911 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2912 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2913 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2914 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2915 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2916 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2917 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2918 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2919 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2920 start_va = 0x4790000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 2921 start_va = 0x76220000 end_va = 0x7633efff monitored = 0 entry_point = 0x76265980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2922 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2923 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2924 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2925 start_va = 0x4620000 end_va = 0x46dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004620000" filename = "" Region: id = 2926 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 2927 start_va = 0x590000 end_va = 0x593fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2928 start_va = 0x6d860000 end_va = 0x6d87cfff monitored = 0 entry_point = 0x6d863b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2929 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2930 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2931 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2932 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2933 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2934 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2935 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2936 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2937 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2938 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2939 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2940 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2941 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2942 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2943 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2944 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2945 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2946 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2947 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2948 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2949 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2950 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2951 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2952 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2953 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2954 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2955 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2956 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2957 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2958 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2959 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2960 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2961 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2962 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2963 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2964 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2965 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 2966 start_va = 0x46e0000 end_va = 0x477bfff monitored = 1 entry_point = 0x476e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 2967 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2968 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2969 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2970 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2971 start_va = 0x4790000 end_va = 0x488ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 2972 start_va = 0x4910000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 2974 start_va = 0x6be40000 end_va = 0x6c551fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 2975 start_va = 0x6d770000 end_va = 0x6d85efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 2976 start_va = 0x6b720000 end_va = 0x6be35fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 2977 start_va = 0x747c0000 end_va = 0x75bbefff monitored = 0 entry_point = 0x7497b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2978 start_va = 0x75bc0000 end_va = 0x75bf6fff monitored = 0 entry_point = 0x75bc3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2979 start_va = 0x76b80000 end_va = 0x77078fff monitored = 0 entry_point = 0x76d87610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 2980 start_va = 0x76af0000 end_va = 0x76b7cfff monitored = 0 entry_point = 0x76b39b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 2981 start_va = 0x77530000 end_va = 0x77573fff monitored = 0 entry_point = 0x77537410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 2982 start_va = 0x76350000 end_va = 0x7635efff monitored = 0 entry_point = 0x76352e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2983 start_va = 0x870000 end_va = 0x870fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2984 start_va = 0x740d0000 end_va = 0x740eafff monitored = 0 entry_point = 0x740d9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2985 start_va = 0x6e6e0000 end_va = 0x6e6f2fff monitored = 0 entry_point = 0x6e6e9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2986 start_va = 0x6e6b0000 end_va = 0x6e6defff monitored = 0 entry_point = 0x6e6c95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2987 start_va = 0x4890000 end_va = 0x48cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 2988 start_va = 0x4920000 end_va = 0x4a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 2989 start_va = 0x48d0000 end_va = 0x490ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048d0000" filename = "" Region: id = 2990 start_va = 0x4a20000 end_va = 0x4b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 2991 start_va = 0x4b20000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 2992 start_va = 0x4b60000 end_va = 0x4c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 2993 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 2994 start_va = 0x74610000 end_va = 0x74693fff monitored = 0 entry_point = 0x74636220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2995 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2996 start_va = 0x6d720000 end_va = 0x6d761fff monitored = 1 entry_point = 0x6d72f380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 2997 start_va = 0x6d6b0000 end_va = 0x6d716fff monitored = 0 entry_point = 0x6d6cb610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2998 start_va = 0x766d0000 end_va = 0x7672efff monitored = 0 entry_point = 0x766d4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2999 start_va = 0x6e6a0000 end_va = 0x6e6acfff monitored = 0 entry_point = 0x6e6a3520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 3000 start_va = 0x6e680000 end_va = 0x6e69bfff monitored = 0 entry_point = 0x6e68aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 3001 start_va = 0x6d690000 end_va = 0x6d6a0fff monitored = 0 entry_point = 0x6d698fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 3002 start_va = 0x6d5d0000 end_va = 0x6d68efff monitored = 0 entry_point = 0x6d601e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 3003 start_va = 0x2010000 end_va = 0x2013fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 3004 start_va = 0x6d540000 end_va = 0x6d5c0fff monitored = 0 entry_point = 0x6d55b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 3005 start_va = 0x2020000 end_va = 0x202efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 3006 start_va = 0x4c60000 end_va = 0x4c61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c60000" filename = "" Region: id = 3007 start_va = 0x4c70000 end_va = 0x4c70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c70000" filename = "" Region: id = 3008 start_va = 0x4c80000 end_va = 0x4d5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 3009 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3010 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3011 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3012 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3013 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3014 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3015 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3016 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3017 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3018 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3019 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3020 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3021 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3022 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3023 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 3024 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 3025 start_va = 0x4d70000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 3026 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3027 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3028 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3029 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3030 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3031 start_va = 0x4d60000 end_va = 0x4d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 3037 start_va = 0x6d520000 end_va = 0x6d537fff monitored = 1 entry_point = 0x6d525480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 3038 start_va = 0x4d60000 end_va = 0x4d77fff monitored = 1 entry_point = 0x4d65480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 3039 start_va = 0x4d80000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 3041 start_va = 0x6d520000 end_va = 0x6d537fff monitored = 1 entry_point = 0x6d525480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 3042 start_va = 0x4d90000 end_va = 0x4da7fff monitored = 1 entry_point = 0x4d95480 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 3044 start_va = 0x4d90000 end_va = 0x4d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 3045 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 3046 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 3047 start_va = 0x4da0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 3048 start_va = 0x4da0000 end_va = 0x4da4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 3049 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3050 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3051 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3052 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3053 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3054 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3055 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3056 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3057 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3058 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3059 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3060 start_va = 0x4db0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3061 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 3062 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 3063 start_va = 0x4dc0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 3064 start_va = 0x6d400000 end_va = 0x6d51bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll") Region: id = 3065 start_va = 0x4db0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 3066 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 3067 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 3068 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 3069 start_va = 0x4ef0000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 3070 start_va = 0x4f30000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 3071 start_va = 0x6e670000 end_va = 0x6e679fff monitored = 1 entry_point = 0x6e6739f9 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 3072 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 3073 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 3074 start_va = 0x5030000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 3075 start_va = 0x5030000 end_va = 0x5034fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Thread: id = 270 os_tid = 0xeac [0273.305] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0273.352] RoInitialize () returned 0x1 [0273.352] RoUninitialize () returned 0x0 [0273.776] GetModuleHandleW (lpModuleName="user32.dll") returned 0x773e0000 [0273.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19dc28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW§mdç\x93È «Np ß\x19", lpUsedDefaultChar=0x0) returned 14 [0273.776] GetProcAddress (hModule=0x773e0000, lpProcName="DefWindowProcW") returned 0x7778aee0 [0273.777] GetStockObject (i=5) returned 0x1900015 [0273.789] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0273.793] CoTaskMemAlloc (cb=0x5c) returned 0x6076f8 [0273.793] RegisterClassW (lpWndClass=0x19dc18) returned 0xc151 [0273.793] CoTaskMemFree (pv=0x6076f8) [0273.793] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0273.794] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4003e [0273.797] SetWindowLongW (hWnd=0x4003e, nIndex=-4, dwNewLong=2004397792) returned 76613054 [0273.798] GetWindowLongW (hWnd=0x4003e, nIndex=-4) returned 2004397792 [0273.799] GetCurrentProcess () returned 0xffffffff [0273.799] GetCurrentThread () returned 0xfffffffe [0273.799] GetCurrentProcess () returned 0xffffffff [0273.799] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d4f0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d4f0*=0x258) returned 1 [0273.802] GetCurrentThreadId () returned 0xeac [0273.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d474 | out: phkResult=0x19d474*=0x25c) returned 0x0 [0273.808] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0273.808] RegQueryValueExW (in: hKey=0x25c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19d494, lpData=0x0, lpcbData=0x19d490*=0x0 | out: lpType=0x19d494*=0x0, lpData=0x0, lpcbData=0x19d490*=0x0) returned 0x2 [0273.808] RegCloseKey (hKey=0x25c) returned 0x0 [0273.810] SetWindowLongW (hWnd=0x4003e, nIndex=-4, dwNewLong=76613094) returned 2004397792 [0273.810] GetWindowLongW (hWnd=0x4003e, nIndex=-4) returned 76613094 [0273.810] GetWindowLongW (hWnd=0x4003e, nIndex=-16) returned 79691776 [0273.827] CallWindowProcW (lpPrevWndFunc=0x7778aee0, hWnd=0x4003e, Msg=0x24, wParam=0x0, lParam=0x19d78c) returned 0x0 [0273.827] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc150 [0273.827] CallWindowProcW (lpPrevWndFunc=0x7778aee0, hWnd=0x4003e, Msg=0x81, wParam=0x0, lParam=0x19d780) returned 0x1 [0273.831] CallWindowProcW (lpPrevWndFunc=0x7778aee0, hWnd=0x4003e, Msg=0x83, wParam=0x0, lParam=0x19d76c) returned 0x0 [0273.837] CallWindowProcW (lpPrevWndFunc=0x7778aee0, hWnd=0x4003e, Msg=0x1, wParam=0x0, lParam=0x19d780) returned 0x0 [0274.050] GetCurrentProcessId () returned 0xea8 [0274.051] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ed4c | out: lpLuid=0x19ed4c*(LowPart=0x14, HighPart=0)) returned 1 [0274.053] GetCurrentProcess () returned 0xffffffff [0274.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ed48 | out: TokenHandle=0x19ed48*=0x27c) returned 1 [0274.053] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x2149924*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0274.053] CloseHandle (hObject=0x27c) returned 1 [0274.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x31494b0, Length=0x20000, ResultLength=0x19f428 | out: SystemInformation=0x31494b0, ResultLength=0x19f428*=0xd870) returned 0x0 [0274.095] GetCurrentProcessId () returned 0xea8 [0274.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x31494b0, Length=0x20000, ResultLength=0x19f418 | out: SystemInformation=0x31494b0, ResultLength=0x19f418*=0xd870) returned 0x0 [0280.124] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x27c [0280.125] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x280 [0280.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e5dc | out: phkResult=0x19e5dc*=0x284) returned 0x0 [0280.136] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x0, lpcbData=0x19e5f8*=0x0 | out: lpType=0x19e5fc*=0x1, lpData=0x0, lpcbData=0x19e5f8*=0xe) returned 0x0 [0280.137] RegQueryValueExW (in: hKey=0x284, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5fc, lpData=0x217ab30, lpcbData=0x19e5f8*=0xe | out: lpType=0x19e5fc*=0x1, lpData="Client", lpcbData=0x19e5f8*=0xe) returned 0x0 [0280.137] RegCloseKey (hKey=0x284) returned 0x0 [0280.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", nBufferLength=0x105, lpBuffer=0x19df98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", lpFilePart=0x0) returned 0x40 [0280.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", nBufferLength=0x105, lpBuffer=0x19df40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", lpFilePart=0x0) returned 0x40 [0280.678] GetCurrentProcess () returned 0xffffffff [0280.679] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x284) returned 1 [0280.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19ddd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0280.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0280.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0280.684] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0280.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0280.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e224) returned 1 [0280.686] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x288 [0280.686] GetFileType (hFile=0x288) returned 0x1 [0280.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e220) returned 1 [0280.686] GetFileType (hFile=0x288) returned 0x1 [0280.704] GetFileSize (in: hFile=0x288, lpFileSizeHigh=0x19e2ec | out: lpFileSizeHigh=0x19e2ec*=0x0) returned 0x8c8f [0280.705] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2a8, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19e2a8*=0x1000, lpOverlapped=0x0) returned 1 [0280.716] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e144, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19e144*=0x1000, lpOverlapped=0x0) returned 1 [0280.719] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0280.720] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0280.720] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff8, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19dff8*=0x1000, lpOverlapped=0x0) returned 1 [0280.720] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df30, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19df30*=0x1000, lpOverlapped=0x0) returned 1 [0280.724] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0ac, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19e0ac*=0x1000, lpOverlapped=0x0) returned 1 [0280.725] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19dfc0*=0x1000, lpOverlapped=0x0) returned 1 [0280.726] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfc0, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19dfc0*=0xc8f, lpOverlapped=0x0) returned 1 [0280.726] ReadFile (in: hFile=0x288, lpBuffer=0x217e474, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e080, lpOverlapped=0x0 | out: lpBuffer=0x217e474*, lpNumberOfBytesRead=0x19e080*=0x0, lpOverlapped=0x0) returned 1 [0280.726] CloseHandle (hObject=0x288) returned 1 [0280.727] GetCurrentProcess () returned 0xffffffff [0280.727] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x288) returned 1 [0280.727] GetCurrentProcess () returned 0xffffffff [0280.727] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x28c) returned 1 [0280.728] GetCurrentProcess () returned 0xffffffff [0280.728] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2f8 | out: TokenHandle=0x19e2f8*=0x290) returned 1 [0280.728] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.728] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", nBufferLength=0x105, lpBuffer=0x19dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config", lpFilePart=0x0) returned 0x40 [0280.728] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\kprUEGC\\kprUEGC.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\kpruegc\\kpruegc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0280.728] GetCurrentProcess () returned 0xffffffff [0280.728] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x294) returned 1 [0280.729] GetCurrentProcess () returned 0xffffffff [0280.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e420 | out: TokenHandle=0x19e420*=0x298) returned 1 [0280.745] GetCurrentProcess () returned 0xffffffff [0280.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1e4 | out: TokenHandle=0x19e1e4*=0x29c) returned 1 [0280.763] GetCurrentProcess () returned 0xffffffff [0280.763] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e1f8 | out: TokenHandle=0x19e1f8*=0x2a0) returned 1 [0280.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19dec0 | out: phkResult=0x19dec0*=0x0) returned 0x2 [0280.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3dc | out: phkResult=0x19f3dc*=0x2a4) returned 0x0 [0280.793] RegQueryValueExW (in: hKey=0x2a4, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f3f8, lpData=0x0, lpcbData=0x19f3f4*=0x0 | out: lpType=0x19f3f8*=0x0, lpData=0x0, lpcbData=0x19f3f4*=0x0) returned 0x2 [0280.793] RegCloseKey (hKey=0x2a4) returned 0x0 [0280.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0280.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0280.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2d8) returned 1 [0280.840] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f354 | out: lpFileInformation=0x19f354*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0280.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2d4) returned 1 [0280.892] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f05c | out: pfEnabled=0x19f05c) returned 0x0 [0280.977] CreateBindCtx (in: reserved=0x0, ppbc=0x19f404 | out: ppbc=0x19f404*=0x6195d0) returned 0x0 [0280.978] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec0 | out: ppvObject=0x19eec0*=0x6195d0) returned 0x0 [0280.978] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee7c | out: ppvObject=0x19ee7c*=0x0) returned 0x80004002 [0280.978] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec9c | out: ppvObject=0x19ec9c*=0x0) returned 0x80004002 [0280.978] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea74 | out: ppvObject=0x19ea74*=0x0) returned 0x80004002 [0280.979] IUnknown:AddRef (This=0x6195d0) returned 0x3 [0280.979] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0280.979] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002 [0280.979] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x0) returned 0x80004002 [0280.979] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0280.979] CObjectContext::QueryInterface () returned 0x0 [0280.980] CObjectContext::GetCurrentApartmentType () returned 0x0 [0280.980] Release () returned 0x0 [0280.980] CoGetObjectContext (in: riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x613e44 | out: ppv=0x613e44*=0x5f03b8) returned 0x0 [0281.013] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0281.013] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec90 | out: ppvObject=0x19ec90*=0x0) returned 0x80004002 [0281.014] IUnknown:Release (This=0x6195d0) returned 0x2 [0281.014] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0281.015] CoGetContextToken (in: pToken=0x19f130 | out: pToken=0x19f130) returned 0x0 [0281.015] IUnknown:QueryInterface (in: This=0x6195d0, riid=0x19f200*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x6195d0) returned 0x0 [0281.015] IUnknown:AddRef (This=0x6195d0) returned 0x4 [0281.015] IUnknown:Release (This=0x6195d0) returned 0x3 [0281.015] IUnknown:Release (This=0x6195d0) returned 0x2 [0281.015] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0281.015] IUnknown:AddRef (This=0x6195d0) returned 0x3 [0281.016] MkParseDisplayName (in: pbc=0x6195d0, szUserName="WinMgmts:", pchEaten=0x19f438, ppmk=0x19f3f0 | out: pchEaten=0x19f438, ppmk=0x19f3f0*=0x61a9d8) returned 0x0 [0281.072] malloc (_Size=0x80) returned 0x1f2da8 [0281.073] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61e4e8 [0281.073] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.073] DllGetClassObject (in: rclsid=0x628e84*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x767a7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1e0 | out: ppv=0x19f1e0*=0x61e278) returned 0x0 [0281.073] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61e278 [0281.074] WinMGMTS:IClassFactory:CreateInstance (in: This=0x61e278, pUnkOuter=0x0, riid=0x77126800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f188 | out: ppvObject=0x19f188*=0x616310) returned 0x0 [0281.075] GetVersionExW (in: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efa0, dwMinorVersion=0x765b234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\藟≶) | out: lpVersionInformation=0x19ef40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0281.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef38 | out: phkResult=0x19ef38*=0x394) returned 0x0 [0281.076] RegQueryValueExW (in: hKey=0x394, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef30, lpcbData=0x19ef3c*=0x4 | out: lpType=0x0, lpData=0x19ef30*=0x3, lpcbData=0x19ef3c*=0x4) returned 0x0 [0281.076] RegCloseKey (hKey=0x394) returned 0x0 [0281.076] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62a410 [0281.076] GetSystemDirectoryW (in: lpBuffer=0x62a410, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0281.076] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x761a0000 [0281.076] GetProcAddress (hModule=0x761a0000, lpProcName="DuplicateTokenEx") returned 0x761c0ad0 [0281.076] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.076] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61a488 [0281.076] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x616310 [0281.076] WinMGMTS:IUnknown:Release (This=0x61e278) returned 0x0 [0281.076] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.077] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x616310, pbc=0x6195d0, pszDisplayName="WinMgmts:", pchEaten=0x19f398, ppmkOut=0x19f394 | out: pchEaten=0x19f398*=0x9, ppmkOut=0x19f394*=0x61a9d8) returned 0x0 [0281.077] ApiSetQueryApiSetPresence () returned 0x0 [0281.077] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0281.077] IBindCtx:GetObjectParam (in: This=0x6195d0, pszKey=0x6d723e5c, ppunk=0x19f240 | out: ppunk=0x19f240*=0x0) returned 0x80004005 [0281.077] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4e50 [0281.077] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0281.077] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6076f8 [0281.077] ResolveDelayLoadedAPI () returned 0x76810060 [0281.077] CoCreateInstance (in: rclsid=0x6d721c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d721c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x607710 | out: ppv=0x607710*=0x616170) returned 0x0 [0281.084] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6073b8 [0281.085] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603320 [0281.085] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4c50 [0281.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.085] GetCurrentThreadId () returned 0xeac [0281.085] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0281.085] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.085] GetCurrentThreadId () returned 0xeac [0281.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0b4 | out: phkResult=0x19f0b4*=0x3a0) returned 0x0 [0281.087] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0b8*=0x16) returned 0x0 [0281.087] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4c70 [0281.087] RegQueryValueExW (in: hKey=0x3a0, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x5c4c70, lpcbData=0x19f0b8*=0x16 | out: lpType=0x0, lpData=0x5c4c70*=0x72, lpcbData=0x19f0b8*=0x16) returned 0x0 [0281.087] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4ed0 [0281.087] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.087] RegCloseKey (hKey=0x3a0) returned 0x0 [0281.088] CoCreateInstance (in: rclsid=0x6d7221a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d7221b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0ec | out: ppv=0x19f0ec*=0x625d80) returned 0x0 [0281.097] SysStringLen (param_1=".") returned 0x1 [0281.097] WbemDefPath:IWbemPath:SetServer (This=0x625d80, Name=".") returned 0x0 [0281.097] CoCreateInstance (in: rclsid=0x6d7221a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d7221b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f098 | out: ppv=0x19f098*=0x607180) returned 0x0 [0281.097] CoCreateInstance (in: rclsid=0x6d7221a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d7221b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f034 | out: ppv=0x19f034*=0x607c30) returned 0x0 [0281.097] WbemDefPath:IWbemPath:SetText (This=0x607c30, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0281.098] WbemDefPath:IUnknown:Release (This=0x607c30) returned 0x0 [0281.098] SysStringLen (param_1="root\\cimv2") returned 0xa [0281.098] WbemDefPath:IWbemPath:SetText (This=0x607180, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0281.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x607180, puCount=0x19f0b0 | out: puCount=0x19f0b0*=0x2) returned 0x0 [0281.098] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x625d80) returned 0x0 [0281.098] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x607180, uIndex=0x0, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x5, pName=0x0) returned 0x0 [0281.098] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62b140 [0281.098] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x607180, uIndex=0x0, puNameBufLength=0x19f06c*=0x5, pName="" | out: puNameBufLength=0x19f06c*=0x5, pName="root") returned 0x0 [0281.098] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.098] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x625d80, uIndex=0x0, pszName="root") returned 0x0 [0281.098] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x607180, uIndex=0x1, puNameBufLength=0x19f06c*=0x0, pName=0x0 | out: puNameBufLength=0x19f06c*=0x6, pName=0x0) returned 0x0 [0281.098] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62b218 [0281.098] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x607180, uIndex=0x1, puNameBufLength=0x19f06c*=0x6, pName="" | out: puNameBufLength=0x19f06c*=0x6, pName="cimv2") returned 0x0 [0281.098] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.098] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x625d80, uIndex=0x1, pszName="cimv2") returned 0x0 [0281.098] WbemDefPath:IUnknown:Release (This=0x607180) returned 0x0 [0281.098] WbemDefPath:IWbemPath:GetText (in: This=0x625d80, lFlags=4, puBuffLength=0x19f0b4*=0x0, pszText=0x0 | out: puBuffLength=0x19f0b4*=0xf, pszText=0x0) returned 0x0 [0281.098] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61a898 [0281.098] WbemDefPath:IWbemPath:GetText (in: This=0x625d80, lFlags=4, puBuffLength=0x19f0b4*=0xf, pszText="" | out: puBuffLength=0x19f0b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0281.098] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.098] WbemDefPath:IUnknown:Release (This=0x625d80) returned 0x0 [0281.098] WbemLocator:IWbemLocator:ConnectServer (in: This=0x616170, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f134 | out: ppNamespace=0x19f134*=0x5f8940) returned 0x0 [0281.171] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x607c30 [0281.171] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6038c0 [0281.171] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6263d8 [0281.171] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8940, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x60dd4c) returned 0x0 [0281.171] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60dd4c, pProxy=0x5f8940, pAuthnSvc=0x19f100, pAuthzSvc=0x19f104, pServerPrincName=0x0, pAuthnLevel=0x19f174, pImpLevel=0x19f17c, pAuthInfo=0x0, pCapabilites=0x19f108 | out: pAuthnSvc=0x19f100*=0xa, pAuthzSvc=0x19f104*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f174*=0x6, pImpLevel=0x19f17c*=0x2, pAuthInfo=0x0, pCapabilites=0x19f108*=0x1) returned 0x0 [0281.171] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x1 [0281.171] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.171] GetCurrentThreadId () returned 0xeac [0281.171] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8940, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f19c | out: ppvObject=0x19f19c*=0x60dd4c) returned 0x0 [0281.172] WbemLocator:IClientSecurity:CopyProxy (in: This=0x60dd4c, pProxy=0x5f8940, ppCopy=0x19f1c0 | out: ppCopy=0x19f1c0*=0x5f8580) returned 0x0 [0281.172] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x60dd4c) returned 0x0 [0281.172] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60dd4c, pProxy=0x5f8580, pAuthnSvc=0x19f068, pAuthzSvc=0x19f064, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f068*=0xa, pAuthzSvc=0x19f064*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0281.172] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x3 [0281.172] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f01c | out: ppvObject=0x19f01c*=0x60dd70) returned 0x0 [0281.172] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f020 | out: ppvObject=0x19f020*=0x60dd4c) returned 0x0 [0281.172] WbemLocator:IClientSecurity:SetBlanket (This=0x60dd4c, pProxy=0x5f8580, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0281.172] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x4 [0281.172] WbemLocator:IUnknown:Release (This=0x60dd70) returned 0x3 [0281.173] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x2 [0281.173] WbemLocator:IUnknown:AddRef (This=0x5f8580) returned 0x3 [0281.173] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603620 [0281.173] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e840 [0281.173] WbemLocator:IUnknown:Release (This=0x5f8940) returned 0x2 [0281.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.173] GetCurrentThreadId () returned 0xeac [0281.173] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.173] GetCurrentThreadId () returned 0xeac [0281.173] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1c4 | out: ppvObject=0x19f1c4*=0x60dd4c) returned 0x0 [0281.174] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60dd4c, pProxy=0x5f8580, pAuthnSvc=0x19f1b0, pAuthzSvc=0x19f1b4, pServerPrincName=0x0, pAuthnLevel=0x19f1c0, pImpLevel=0x19f1bc, pAuthInfo=0x0, pCapabilites=0x19f1b8 | out: pAuthnSvc=0x19f1b0*=0xa, pAuthzSvc=0x19f1b4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1c0*=0x6, pImpLevel=0x19f1bc*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1b8*=0x20) returned 0x0 [0281.174] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x2 [0281.174] ResolveDelayLoadedAPI () returned 0x77152060 [0281.175] CreatePointerMoniker (in: punk=0x607c30, ppmk=0x19f394 | out: ppmk=0x19f394*=0x61a9d8) returned 0x0 [0281.175] IUnknown:AddRef (This=0x607c30) returned 0x2 [0281.184] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.184] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.184] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.184] WbemLocator:IUnknown:Release (This=0x616170) returned 0x0 [0281.184] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.184] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.187] WinMGMTS:IUnknown:Release (This=0x616310) returned 0x0 [0281.187] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.190] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeb4 | out: ppvObject=0x19eeb4*=0x61a9d8) returned 0x0 [0281.190] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee70 | out: ppvObject=0x19ee70*=0x0) returned 0x80004002 [0281.190] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002 [0281.190] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea64 | out: ppvObject=0x19ea64*=0x0) returned 0x80004002 [0281.191] IUnknown:AddRef (This=0x61a9d8) returned 0x3 [0281.191] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7cc | out: ppvObject=0x19e7cc*=0x0) returned 0x80004002 [0281.191] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0281.191] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e788 | out: ppvObject=0x19e788*=0x61a9ec) returned 0x0 [0281.191] IMarshal:GetUnmarshalClass (in: This=0x61a9ec, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e790 | out: pCid=0x19e790*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0281.191] IUnknown:Release (This=0x61a9ec) returned 0x3 [0281.191] CoGetContextToken (in: pToken=0x19e7e8 | out: pToken=0x19e7e8) returned 0x0 [0281.191] CoGetContextToken (in: pToken=0x19ebf0 | out: pToken=0x19ebf0) returned 0x0 [0281.191] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec80 | out: ppvObject=0x19ec80*=0x0) returned 0x80004002 [0281.191] IUnknown:Release (This=0x61a9d8) returned 0x2 [0281.191] CoGetContextToken (in: pToken=0x19f1c8 | out: pToken=0x19f1c8) returned 0x0 [0281.191] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0281.191] IUnknown:QueryInterface (in: This=0x61a9d8, riid=0x19f1f8*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f4 | out: ppvObject=0x19f1f4*=0x61a9d8) returned 0x0 [0281.191] IUnknown:AddRef (This=0x61a9d8) returned 0x4 [0281.192] IUnknown:Release (This=0x61a9d8) returned 0x3 [0281.192] IUnknown:Release (This=0x6195d0) returned 0x2 [0281.192] IUnknown:Release (This=0x61a9d8) returned 0x2 [0281.192] CoGetContextToken (in: pToken=0x19f250 | out: pToken=0x19f250) returned 0x0 [0281.192] IUnknown:AddRef (This=0x61a9d8) returned 0x3 [0281.192] BindMoniker (in: pmk=0x61a9d8, grfOpt=0x0, iidResult=0x2146e44*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f3f4 | out: ppvResult=0x19f3f4*=0x607c30) returned 0x0 [0281.192] IUnknown:QueryInterface (in: This=0x607c30, riid=0x2146e44*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3f4 | out: ppvObject=0x19f3f4*=0x607c30) returned 0x0 [0281.192] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec54*=0x0 | out: pptlib=0x19ec54*=0x5e0a38) returned 0x0 [0281.230] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x607c74*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x607c5c | out: ppTInfo=0x607c5c*=0x63312c) returned 0x0 [0281.231] IUnknown:Release (This=0x5e0a38) returned 0x1 [0281.239] CoGetContextToken (in: pToken=0x19e7f0 | out: pToken=0x19e7f0) returned 0x0 [0281.239] CoGetContextToken (in: pToken=0x19ebf8 | out: pToken=0x19ebf8) returned 0x0 [0281.239] IUnknown:Release (This=0x61a9d8) returned 0x2 [0281.419] CoGetContextToken (in: pToken=0x19eed0 | out: pToken=0x19eed0) returned 0x0 [0281.419] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eeb8*=0x0 | out: pptlib=0x19eeb8*=0x5e0a38) returned 0x0 [0281.421] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x607c64*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x607c58 | out: ppTInfo=0x607c58*=0x633158) returned 0x0 [0281.421] IUnknown:Release (This=0x5e0a38) returned 0x2 [0281.421] IUnknown:AddRef (This=0x633158) returned 0x2 [0281.421] DispGetIDsOfNames (in: ptinfo=0x633158, rgszNames=0x19ef40*="InstancesOf", cNames=0x1, rgdispid=0x19ef30 | out: rgdispid=0x19ef30*=5) returned 0x0 [0281.422] IUnknown:Release (This=0x633158) returned 0x1 [0281.423] IUnknown:AddRef (This=0x633158) returned 0x2 [0281.423] ITypeInfo:LocalInvoke (This=0x633158) returned 0x0 [0281.423] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.424] GetCurrentThreadId () returned 0xeac [0281.424] WbemLocator:IUnknown:AddRef (This=0x5f8580) returned 0x3 [0281.424] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.424] GetCurrentThreadId () returned 0xeac [0281.424] IWbemServices:CreateInstanceEnum (in: This=0x5f8580, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e744 | out: ppEnum=0x19e744*=0x62c010) returned 0x0 [0281.429] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603380 [0281.429] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603920 [0281.429] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603440 [0281.429] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e960 [0281.429] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x626998 [0281.429] IUnknown:QueryInterface (in: This=0x62c010, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5ec | out: ppvObject=0x19e5ec*=0x62c014) returned 0x0 [0281.429] IClientSecurity:QueryBlanket (in: This=0x62c014, pProxy=0x62c010, pAuthnSvc=0x19e5d8, pAuthzSvc=0x19e5e0, pServerPrincName=0x0, pAuthnLevel=0x19e614, pImpLevel=0x19e618, pAuthInfo=0x0, pCapabilites=0x19e5dc | out: pAuthnSvc=0x19e5d8*=0xa, pAuthzSvc=0x19e5e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e614*=0x6, pImpLevel=0x19e618*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5dc*=0x1) returned 0x0 [0281.429] IUnknown:Release (This=0x62c014) returned 0x1 [0281.429] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.429] GetCurrentThreadId () returned 0xeac [0281.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x60dd4c) returned 0x0 [0281.430] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60dd4c, pProxy=0x5f8580, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d4, pImpLevel=0x19e5d8, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d4*=0x6, pImpLevel=0x19e5d8*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0281.430] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x3 [0281.430] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.430] GetCurrentThreadId () returned 0xeac [0281.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5f8580, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5dc | out: ppvObject=0x19e5dc*=0x60dd4c) returned 0x0 [0281.430] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60dd4c, pProxy=0x5f8580, pAuthnSvc=0x19e5c4, pAuthzSvc=0x19e5c8, pServerPrincName=0x0, pAuthnLevel=0x19e5d8, pImpLevel=0x19e5d4, pAuthInfo=0x0, pCapabilites=0x19e5cc | out: pAuthnSvc=0x19e5c4*=0xa, pAuthzSvc=0x19e5c8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d8*=0x6, pImpLevel=0x19e5d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5cc*=0x20) returned 0x0 [0281.430] WbemLocator:IUnknown:Release (This=0x60dd4c) returned 0x3 [0281.430] IUnknown:QueryInterface (in: This=0x62c010, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x62c014) returned 0x0 [0281.431] IClientSecurity:CopyProxy (in: This=0x62c014, pProxy=0x62c010, ppCopy=0x19e610 | out: ppCopy=0x19e610*=0x635a80) returned 0x0 [0281.431] IUnknown:QueryInterface (in: This=0x635a80, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e564 | out: ppvObject=0x19e564*=0x635a84) returned 0x0 [0281.431] IClientSecurity:QueryBlanket (in: This=0x635a84, pProxy=0x635a80, pAuthnSvc=0x19e594, pAuthzSvc=0x19e590, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e594*=0xa, pAuthzSvc=0x19e590*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0281.431] IUnknown:Release (This=0x635a84) returned 0x3 [0281.431] IUnknown:QueryInterface (in: This=0x635a80, riid=0x6d721f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e548 | out: ppvObject=0x19e548*=0x60e970) returned 0x0 [0281.431] IUnknown:QueryInterface (in: This=0x635a80, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e54c | out: ppvObject=0x19e54c*=0x635a84) returned 0x0 [0281.431] IClientSecurity:SetBlanket (This=0x635a84, pProxy=0x635a80, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0281.539] IUnknown:Release (This=0x635a84) returned 0x4 [0281.539] WbemLocator:IUnknown:Release (This=0x60e970) returned 0x3 [0281.539] IUnknown:Release (This=0x62c014) returned 0x2 [0281.539] IUnknown:AddRef (This=0x635a80) returned 0x3 [0281.539] IUnknown:Release (This=0x62c010) returned 0x2 [0281.540] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e700 | out: pperrinfo=0x19e700*=0x0) returned 0x1 [0281.540] WbemLocator:IUnknown:Release (This=0x5f8580) returned 0x2 [0281.540] IUnknown:Release (This=0x633158) returned 0x1 [0281.540] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e714*=0x0 | out: pptlib=0x19e714*=0x5e0a38) returned 0x0 [0281.541] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x6033b8*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x6033a0 | out: ppTInfo=0x6033a0*=0x633260) returned 0x0 [0281.541] IUnknown:Release (This=0x5e0a38) returned 0x3 [0281.541] IUnknown:AddRef (This=0x633260) returned 0x2 [0281.541] ITypeInfo:RemoteGetTypeAttr (in: This=0x633260, ppTypeAttr=0x19e750, pDummy=0xc88b4755 | out: ppTypeAttr=0x19e750, pDummy=0xc88b4755) returned 0x0 [0281.542] ITypeInfo:LocalReleaseTypeAttr (This=0x633260) returned 0x0 [0281.542] IUnknown:Release (This=0x633260) returned 0x1 [0281.542] CoGetContextToken (in: pToken=0x19e2b0 | out: pToken=0x19e2b0) returned 0x0 [0281.542] CoGetContextToken (in: pToken=0x19e6b8 | out: pToken=0x19e6b8) returned 0x0 [0281.542] CoGetContextToken (in: pToken=0x19f298 | out: pToken=0x19f298) returned 0x0 [0281.542] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0281.544] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0281.544] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f208*=0x0 | out: pptlib=0x19f208*=0x5e0a38) returned 0x0 [0281.567] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x6033a8*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x60339c | out: ppTInfo=0x60339c*=0x633208) returned 0x0 [0281.567] IUnknown:Release (This=0x5e0a38) returned 0x4 [0281.567] IUnknown:AddRef (This=0x633208) returned 0x2 [0281.567] ITypeInfo:LocalInvoke (This=0x633208) returned 0x0 [0281.567] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.567] GetCurrentThreadId () returned 0xeac [0281.567] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62c8e0 [0281.567] IUnknown:Release (This=0x633208) returned 0x1 [0281.567] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0281.780] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5fe098 [0281.788] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5fe670 [0281.840] CoGetContextToken (in: pToken=0x19ef44 | out: pToken=0x19ef44) returned 0x0 [0281.877] CoGetContextToken (in: pToken=0x19ea40 | out: pToken=0x19ea40) returned 0x0 [0281.877] IUnknown:AddRef (This=0x633208) returned 0x2 [0281.877] ITypeInfo:LocalInvoke (This=0x633208) returned 0x0 [0281.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.877] GetCurrentThreadId () returned 0xeac [0281.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.877] GetCurrentThreadId () returned 0xeac [0281.877] IUnknown:AddRef (This=0x635a80) returned 0x3 [0281.877] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.877] GetCurrentThreadId () returned 0xeac [0281.877] IEnumWbemClassObject:Clone (in: This=0x635a80, ppEnum=0x19ea70 | out: ppEnum=0x19ea70*=0x637668) returned 0x0 [0281.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x637758 [0281.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x637cf8 [0281.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x637e78 [0281.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e900 [0281.880] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x626600 [0281.880] IUnknown:QueryInterface (in: This=0x637668, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e91c | out: ppvObject=0x19e91c*=0x63766c) returned 0x0 [0281.880] IClientSecurity:QueryBlanket (in: This=0x63766c, pProxy=0x637668, pAuthnSvc=0x19e908, pAuthzSvc=0x19e910, pServerPrincName=0x0, pAuthnLevel=0x19e944, pImpLevel=0x19e948, pAuthInfo=0x0, pCapabilites=0x19e90c | out: pAuthnSvc=0x19e908*=0xa, pAuthzSvc=0x19e910*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e944*=0x6, pImpLevel=0x19e948*=0x2, pAuthInfo=0x0, pCapabilites=0x19e90c*=0x1) returned 0x0 [0281.880] IUnknown:Release (This=0x63766c) returned 0x1 [0281.880] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.880] GetCurrentThreadId () returned 0xeac [0281.880] IUnknown:QueryInterface (in: This=0x635a80, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x635a84) returned 0x0 [0281.880] IClientSecurity:QueryBlanket (in: This=0x635a84, pProxy=0x635a80, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e904, pImpLevel=0x19e908, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e904*=0x6, pImpLevel=0x19e908*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0281.881] IUnknown:Release (This=0x635a84) returned 0x3 [0281.881] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.881] GetCurrentThreadId () returned 0xeac [0281.881] IUnknown:QueryInterface (in: This=0x635a80, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x635a84) returned 0x0 [0281.881] IClientSecurity:QueryBlanket (in: This=0x635a84, pProxy=0x635a80, pAuthnSvc=0x19e8f4, pAuthzSvc=0x19e8f8, pServerPrincName=0x0, pAuthnLevel=0x19e908, pImpLevel=0x19e904, pAuthInfo=0x0, pCapabilites=0x19e8fc | out: pAuthnSvc=0x19e8f4*=0xa, pAuthzSvc=0x19e8f8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e908*=0x6, pImpLevel=0x19e904*=0x3, pAuthInfo=0x0, pCapabilites=0x19e8fc*=0x20) returned 0x0 [0281.881] IUnknown:Release (This=0x635a84) returned 0x3 [0281.881] IUnknown:QueryInterface (in: This=0x637668, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x63766c) returned 0x0 [0281.881] IClientSecurity:CopyProxy (in: This=0x63766c, pProxy=0x637668, ppCopy=0x19e940 | out: ppCopy=0x19e940*=0x63c208) returned 0x0 [0281.881] IUnknown:QueryInterface (in: This=0x63c208, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e894 | out: ppvObject=0x19e894*=0x63c20c) returned 0x0 [0281.881] IClientSecurity:QueryBlanket (in: This=0x63c20c, pProxy=0x63c208, pAuthnSvc=0x19e8c4, pAuthzSvc=0x19e8c0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8c4*=0xa, pAuthzSvc=0x19e8c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0281.881] IUnknown:Release (This=0x63c20c) returned 0x3 [0281.881] IUnknown:QueryInterface (in: This=0x63c208, riid=0x6d721f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e878 | out: ppvObject=0x19e878*=0x60fa70) returned 0x0 [0281.881] IUnknown:QueryInterface (in: This=0x63c208, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e87c | out: ppvObject=0x19e87c*=0x63c20c) returned 0x0 [0281.881] IClientSecurity:SetBlanket (This=0x63c20c, pProxy=0x63c208, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0281.884] IUnknown:Release (This=0x63c20c) returned 0x4 [0281.884] WbemLocator:IUnknown:Release (This=0x60fa70) returned 0x3 [0281.884] IUnknown:Release (This=0x63766c) returned 0x2 [0281.884] IUnknown:AddRef (This=0x63c208) returned 0x3 [0281.884] IUnknown:Release (This=0x637668) returned 0x2 [0281.884] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea30 | out: pperrinfo=0x19ea30*=0x0) returned 0x1 [0281.884] IUnknown:Release (This=0x635a80) returned 0x2 [0281.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.884] GetCurrentThreadId () returned 0xeac [0281.884] IUnknown:AddRef (This=0x63c208) returned 0x3 [0281.884] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.884] GetCurrentThreadId () returned 0xeac [0281.885] IEnumWbemClassObject:Reset (This=0x63c208) returned 0x0 [0281.886] IUnknown:Release (This=0x63c208) returned 0x2 [0281.886] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62c790 [0281.886] IUnknown:Release (This=0x633208) returned 0x1 [0281.913] CoGetContextToken (in: pToken=0x19e228 | out: pToken=0x19e228) returned 0x0 [0281.914] CoGetContextToken (in: pToken=0x19e630 | out: pToken=0x19e630) returned 0x0 [0281.937] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0281.938] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.938] GetCurrentThreadId () returned 0xeac [0281.938] IUnknown:AddRef (This=0x63c208) returned 0x3 [0281.938] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.938] GetCurrentThreadId () returned 0xeac [0281.938] IEnumWbemClassObject:Next (in: This=0x63c208, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x63eb18, puReturned=0x19f380*=0x1) returned 0x0 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x63cc30 [0281.943] IUnknown:AddRef (This=0x63eb18) returned 0x2 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x604ff8 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x637818 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x637878 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e9a0 [0281.943] WbemLocator:IUnknown:AddRef (This=0x5f8580) returned 0x3 [0281.943] IUnknown:AddRef (This=0x63c208) returned 0x4 [0281.943] IUnknown:QueryInterface (in: This=0x63c208, riid=0x6d721f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3cc | out: ppvObject=0x19f3cc*=0x63c20c) returned 0x0 [0281.943] IClientSecurity:QueryBlanket (in: This=0x63c20c, pProxy=0x63c208, pAuthnSvc=0x19f350, pAuthzSvc=0x19f358, pServerPrincName=0x0, pAuthnLevel=0x19f37c, pImpLevel=0x19f388, pAuthInfo=0x0, pCapabilites=0x19f34c | out: pAuthnSvc=0x19f350*=0xa, pAuthzSvc=0x19f358*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f37c*=0x6, pImpLevel=0x19f388*=0x3, pAuthInfo=0x0, pCapabilites=0x19f34c*=0x20) returned 0x0 [0281.943] IUnknown:Release (This=0x63c20c) returned 0x4 [0281.943] WbemLocator:IUnknown:Release (This=0x5f8580) returned 0x2 [0281.943] WbemLocator:IUnknown:AddRef (This=0x5f8580) returned 0x3 [0281.943] IUnknown:Release (This=0x63c208) returned 0x3 [0281.943] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6356a0 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e640 [0281.943] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61dab0 [0281.943] IUnknown:AddRef (This=0x63eb18) returned 0x3 [0281.943] IUnknown:Release (This=0x63eb18) returned 0x2 [0281.943] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0281.944] IUnknown:Release (This=0x63c208) returned 0x2 [0281.944] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0281.944] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb7c*=0x0 | out: pptlib=0x19eb7c*=0x5e0a38) returned 0x0 [0281.945] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x6d724c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x6356bc | out: ppTInfo=0x6356bc*=0x63328c) returned 0x0 [0281.945] IUnknown:Release (This=0x5e0a38) returned 0x5 [0281.945] IUnknown:AddRef (This=0x63328c) returned 0x2 [0281.946] ITypeInfo:RemoteGetTypeAttr (in: This=0x63328c, ppTypeAttr=0x19ebb8, pDummy=0xc88b4bfd | out: ppTypeAttr=0x19ebb8, pDummy=0xc88b4bfd) returned 0x0 [0281.946] ITypeInfo:LocalReleaseTypeAttr (This=0x63328c) returned 0x0 [0281.946] IUnknown:Release (This=0x63328c) returned 0x1 [0281.947] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0281.947] CoGetContextToken (in: pToken=0x19eb20 | out: pToken=0x19eb20) returned 0x0 [0281.950] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0281.951] LoadRegTypeLib (in: rguid=0x6d722198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eed8*=0x0 | out: pptlib=0x19eed8*=0x5e0a38) returned 0x0 [0281.952] ITypeLib:GetTypeInfoOfGuid (in: This=0x5e0a38, GUID=0x6d721e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x6356b8 | out: ppTInfo=0x6356b8*=0x6332b8) returned 0x0 [0281.952] IUnknown:Release (This=0x5e0a38) returned 0x6 [0281.952] IUnknown:AddRef (This=0x6332b8) returned 0x2 [0281.952] DispGetIDsOfNames (in: ptinfo=0x6332b8, rgszNames=0x19ef60*="SerialNumber", cNames=0x1, rgdispid=0x19ef50 | out: rgdispid=0x19ef50*=-1) returned 0x80020006 [0281.958] IUnknown:AddRef (This=0x63eb18) returned 0x3 [0281.958] IWbemClassObject:Get (in: This=0x63eb18, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eea8*=0) returned 0x0 [0281.958] IUnknown:Release (This=0x63eb18) returned 0x2 [0281.958] SysStringLen (param_1="SerialNumber") returned 0xc [0281.958] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x61db78 [0281.958] SysStringLen (param_1="SerialNumber") returned 0xc [0281.958] IUnknown:Release (This=0x6332b8) returned 0x1 [0281.958] IUnknown:AddRef (This=0x6332b8) returned 0x2 [0281.958] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0281.958] GetCurrentThreadId () returned 0xeac [0281.958] SysStringLen (param_1="SerialNumber") returned 0xc [0281.958] IWbemClassObject:Get (in: This=0x63eb18, wszName="SerialNumber", lFlags=0, pVal=0x19ecf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ece8*=0, plFlavor=0x0 | out: pVal=0x19ecf0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ece8*=8, plFlavor=0x0) returned 0x0 [0281.959] IUnknown:Release (This=0x6332b8) returned 0x1 [0281.959] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0281.959] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0282.025] CoGetContextToken (in: pToken=0x19f028 | out: pToken=0x19f028) returned 0x0 [0282.025] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0282.025] GetCurrentThreadId () returned 0xeac [0282.025] IUnknown:AddRef (This=0x63c208) returned 0x3 [0282.026] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0282.026] GetCurrentThreadId () returned 0xeac [0282.026] IEnumWbemClassObject:Next (in: This=0x63c208, lTimeout=-1, uCount=0x1, apObjects=0x19f3a0, puReturned=0x19f380 | out: apObjects=0x19f3a0*=0x0, puReturned=0x19f380*=0x0) returned 0x1 [0282.028] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f318 | out: pperrinfo=0x19f318*=0x0) returned 0x1 [0282.029] IUnknown:Release (This=0x63c208) returned 0x2 [0282.029] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3d0 | out: pperrinfo=0x19f3d0*=0x0) returned 0x1 [0282.142] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3cc [0282.143] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3dc [0282.149] SetEvent (hEvent=0x3dc) returned 1 [0282.169] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a8*=0x3cc, lpdwindex=0x19f1c4 | out: lpdwindex=0x19f1c4) returned 0x0 [0282.169] CoGetContextToken (in: pToken=0x19f278 | out: pToken=0x19f278) returned 0x0 [0282.169] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0282.169] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x19f2a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x64c718) returned 0x0 [0282.169] WbemDefPath:IUnknown:AddRef (This=0x64c718) returned 0x3 [0282.169] WbemDefPath:IUnknown:Release (This=0x64c718) returned 0x2 [0282.173] WbemDefPath:IWbemPath:SetText (This=0x64c718, uMode=0x4, pszPath="win32_processor") returned 0x0 [0282.175] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c718, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0282.175] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f424*=0x0, pszText=0x0 | out: puBuffLength=0x19f424*=0x10, pszText=0x0) returned 0x0 [0282.175] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f424*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f424*=0x10, pszText="win32_processor") returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetInfo (in: This=0x64c718, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c718, puCount=0x19f428 | out: puCount=0x19f428*=0x0) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetInfo (in: This=0x64c718, uRequestedInfo=0x0, puResponse=0x19f430 | out: puResponse=0x19f430*=0xc15) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c718, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c718, puCount=0x19f418 | out: puCount=0x19f418*=0x0) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f414*=0x0, pszText=0x0 | out: puBuffLength=0x19f414*=0x10, pszText=0x0) returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f414*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f414*=0x10, pszText="win32_processor") returned 0x0 [0282.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c718, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x0) returned 0x0 [0282.177] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x408 [0282.177] SetEvent (hEvent=0x3dc) returned 1 [0282.177] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec0c*=0x408, lpdwindex=0x19ea2c | out: lpdwindex=0x19ea2c) returned 0x0 [0282.179] CoGetContextToken (in: pToken=0x19ead8 | out: pToken=0x19ead8) returned 0x0 [0282.179] CoGetContextToken (in: pToken=0x19ea38 | out: pToken=0x19ea38) returned 0x0 [0282.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x19eb08*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb04 | out: ppvObject=0x19eb04*=0x64c6a8) returned 0x0 [0282.179] WbemDefPath:IUnknown:AddRef (This=0x64c6a8) returned 0x3 [0282.179] WbemDefPath:IUnknown:Release (This=0x64c6a8) returned 0x2 [0282.179] WbemDefPath:IWbemPath:SetText (This=0x64c6a8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0282.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c6a8, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0282.180] WbemDefPath:IWbemPath:GetText (in: This=0x64c6a8, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0282.180] WbemDefPath:IWbemPath:GetText (in: This=0x64c6a8, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0282.180] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0282.180] SetEvent (hEvent=0x3dc) returned 1 [0282.180] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2f0*=0x40c, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0282.185] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0282.185] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0282.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x19f1f0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x64c408) returned 0x0 [0282.185] WbemDefPath:IUnknown:AddRef (This=0x64c408) returned 0x3 [0282.185] WbemDefPath:IUnknown:Release (This=0x64c408) returned 0x2 [0282.185] WbemDefPath:IWbemPath:SetText (This=0x64c408, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0282.185] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c408, puCount=0x19f36c | out: puCount=0x19f36c*=0x2) returned 0x0 [0282.185] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f368*=0x0, pszText=0x0 | out: puBuffLength=0x19f368*=0xf, pszText=0x0) returned 0x0 [0282.185] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f368*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f368*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0282.220] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f28c*=0x420, lpdwindex=0x19f13c | out: lpdwindex=0x19f13c) returned 0x0 [0282.711] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0282.711] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0282.711] IUnknown:QueryInterface (in: This=0x5f0470, riid=0x705a8724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f010 | out: ppvObject=0x19f010*=0x5f0480) returned 0x0 [0282.711] CObjectContext::ContextCallback () returned 0x0 [0282.717] IUnknown:Release (This=0x5f0480) returned 0x1 [0282.717] CoUnmarshalInterface (in: pStm=0x62e8c0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f078 | out: ppv=0x19f078*=0x60f770) returned 0x0 [0282.718] CoMarshalInterface (pStm=0x62e8c0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60f770, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0282.718] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef1c | out: ppvObject=0x19ef1c*=0x60f770) returned 0x0 [0282.718] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eed8 | out: ppvObject=0x19eed8*=0x0) returned 0x80004002 [0282.719] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x0) returned 0x80004002 [0282.720] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eacc | out: ppvObject=0x19eacc*=0x0) returned 0x80004002 [0282.721] WbemLocator:IUnknown:AddRef (This=0x60f770) returned 0x3 [0282.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x0) returned 0x80004002 [0282.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0282.721] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7f0 | out: ppvObject=0x19e7f0*=0x60f6cc) returned 0x0 [0282.722] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60f6cc, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7f8 | out: pCid=0x19e7f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.722] WbemLocator:IUnknown:Release (This=0x60f6cc) returned 0x3 [0282.722] CoGetContextToken (in: pToken=0x19e850 | out: pToken=0x19e850) returned 0x0 [0282.722] CoGetContextToken (in: pToken=0x19ec58 | out: pToken=0x19ec58) returned 0x0 [0282.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ece8 | out: ppvObject=0x19ece8*=0x60f754) returned 0x0 [0282.722] WbemLocator:IRpcOptions:Query (in: This=0x60f754, pPrx=0x60f770, dwProperty=2, pdwValue=0x19ed10 | out: pdwValue=0x19ed10) returned 0x0 [0282.722] WbemLocator:IUnknown:Release (This=0x60f754) returned 0x3 [0282.722] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x2 [0282.722] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x1 [0282.722] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0282.722] WbemLocator:IUnknown:AddRef (This=0x60f770) returned 0x2 [0282.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x60f74c) returned 0x0 [0282.722] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60f74c, pProxy=0x60f770, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0282.722] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x2 [0282.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x60f770) returned 0x0 [0282.722] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x60f74c) returned 0x0 [0282.722] WbemLocator:IClientSecurity:SetBlanket (This=0x60f74c, pProxy=0x60f770, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.723] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x3 [0282.723] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x2 [0282.723] CoTaskMemFree (pv=0x6523e0) [0282.723] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x1 [0282.723] SysStringLen (param_1=0x0) returned 0x0 [0282.723] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0282.723] CoGetContextToken (in: pToken=0x19f198 | out: pToken=0x19f198) returned 0x0 [0282.723] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x19f268*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f264 | out: ppvObject=0x19f264*=0x5e5a18) returned 0x0 [0282.724] WbemLocator:IUnknown:AddRef (This=0x5e5a18) returned 0x3 [0282.724] WbemLocator:IUnknown:Release (This=0x5e5a18) returned 0x2 [0282.724] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0282.724] WbemLocator:IUnknown:AddRef (This=0x5e5a18) returned 0x3 [0282.724] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f280 | out: ppvObject=0x19f280*=0x60f74c) returned 0x0 [0282.724] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60f74c, pProxy=0x5e5a18, pAuthnSvc=0x19f2d0, pAuthzSvc=0x19f2cc, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8, pImpLevel=0x19f2b8, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0 | out: pAuthnSvc=0x19f2d0*=0xa, pAuthzSvc=0x19f2cc*=0x0, pServerPrincName=0x19f2c4, pAuthnLevel=0x19f2c8*=0x6, pImpLevel=0x19f2b8*=0x2, pAuthInfo=0x19f2bc, pCapabilites=0x19f2c0*=0x1) returned 0x0 [0282.724] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x3 [0282.724] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f274 | out: ppvObject=0x19f274*=0x60f770) returned 0x0 [0282.724] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f270 | out: ppvObject=0x19f270*=0x60f74c) returned 0x0 [0282.725] WbemLocator:IClientSecurity:SetBlanket (This=0x60f74c, pProxy=0x5e5a18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.725] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x4 [0282.725] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x3 [0282.725] CoTaskMemFree (pv=0x652590) [0282.725] WbemLocator:IUnknown:Release (This=0x5e5a18) returned 0x2 [0282.725] SysStringLen (param_1=0x0) returned 0x0 [0282.725] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c408, puCount=0x19f390 | out: puCount=0x19f390*=0x2) returned 0x0 [0282.725] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f38c*=0x0, pszText=0x0 | out: puBuffLength=0x19f38c*=0xf, pszText=0x0) returned 0x0 [0282.725] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f38c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f38c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0282.726] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0282.726] CoUnmarshalInterface (in: pStm=0x62e8c0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff0 | out: ppv=0x19eff0*=0x60f770) returned 0x0 [0282.726] CoMarshalInterface (pStm=0x62e8c0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60f770, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0282.726] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x60f770) returned 0x0 [0282.726] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x3 [0282.726] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x2 [0282.726] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0282.726] WbemLocator:IUnknown:AddRef (This=0x60f770) returned 0x3 [0282.726] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x60f74c) returned 0x0 [0282.726] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60f74c, pProxy=0x60f770, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0282.726] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x3 [0282.726] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x60f770) returned 0x0 [0282.727] WbemLocator:IUnknown:QueryInterface (in: This=0x60f770, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x60f74c) returned 0x0 [0282.727] WbemLocator:IClientSecurity:SetBlanket (This=0x60f74c, pProxy=0x60f770, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.727] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x4 [0282.727] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x3 [0282.727] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x2 [0282.727] SysStringLen (param_1=0x0) returned 0x0 [0282.727] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0282.727] WbemLocator:IUnknown:AddRef (This=0x5e5a18) returned 0x3 [0282.727] WbemLocator:IUnknown:Release (This=0x5e5a18) returned 0x2 [0282.727] CoGetContextToken (in: pToken=0x19f170 | out: pToken=0x19f170) returned 0x0 [0282.727] WbemLocator:IUnknown:AddRef (This=0x5e5a18) returned 0x3 [0282.727] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x60f74c) returned 0x0 [0282.727] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60f74c, pProxy=0x5e5a18, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x3, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x20) returned 0x0 [0282.727] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x3 [0282.727] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x60f770) returned 0x0 [0282.727] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5a18, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e8 | out: ppvObject=0x19f1e8*=0x60f74c) returned 0x0 [0282.727] WbemLocator:IClientSecurity:SetBlanket (This=0x60f74c, pProxy=0x5e5a18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.728] WbemLocator:IUnknown:Release (This=0x60f74c) returned 0x4 [0282.728] WbemLocator:IUnknown:Release (This=0x60f770) returned 0x3 [0282.728] WbemLocator:IUnknown:Release (This=0x5e5a18) returned 0x2 [0282.728] SysStringLen (param_1=0x0) returned 0x0 [0282.728] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0x10, pszText=0x0) returned 0x0 [0282.728] WbemDefPath:IWbemPath:GetText (in: This=0x64c718, lFlags=2, puBuffLength=0x19f394*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f394*=0x10, pszText="win32_processor") returned 0x0 [0282.733] IWbemServices:GetObject (in: This=0x5e5a18, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f348*=0x0, ppCallResult=0x0 | out: ppObject=0x19f348*=0x656c08, ppCallResult=0x0) returned 0x0 [0282.752] IWbemClassObject:Get (in: This=0x656c08, wszName="__PATH", lFlags=0, pVal=0x19f330*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f330*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3d8*=8, plFlavor=0x19f3d4*=64) returned 0x0 [0282.754] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0282.754] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0282.754] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458 [0282.754] SetEvent (hEvent=0x3dc) returned 1 [0282.754] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2ec*=0x458, lpdwindex=0x19f10c | out: lpdwindex=0x19f10c) returned 0x0 [0282.757] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0282.757] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0282.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x19f1e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x64c868) returned 0x0 [0282.757] WbemDefPath:IUnknown:AddRef (This=0x64c868) returned 0x3 [0282.757] WbemDefPath:IUnknown:Release (This=0x64c868) returned 0x2 [0282.757] WbemDefPath:IWbemPath:SetText (This=0x64c868, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0282.757] IWbemClassObject:Get (in: This=0x656c08, wszName="__CLASS", lFlags=0, pVal=0x19f3a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f420*=0, plFlavor=0x19f41c*=0 | out: pVal=0x19f3a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f420*=8, plFlavor=0x19f41c*=64) returned 0x0 [0282.757] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0282.757] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0282.757] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0282.757] WbemLocator:IUnknown:AddRef (This=0x5e5a18) returned 0x3 [0282.757] IWbemServices:CreateInstanceEnum (in: This=0x5e5a18, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f39c | out: ppEnum=0x19f39c*=0x63c6b8) returned 0x0 [0282.760] IUnknown:QueryInterface (in: This=0x63c6b8, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f230 | out: ppvObject=0x19f230*=0x63c6bc) returned 0x0 [0282.760] IClientSecurity:QueryBlanket (in: This=0x63c6bc, pProxy=0x63c6b8, pAuthnSvc=0x19f280, pAuthzSvc=0x19f27c, pServerPrincName=0x19f274, pAuthnLevel=0x19f278, pImpLevel=0x19f268, pAuthInfo=0x19f26c, pCapabilites=0x19f270 | out: pAuthnSvc=0x19f280*=0xa, pAuthzSvc=0x19f27c*=0x0, pServerPrincName=0x19f274, pAuthnLevel=0x19f278*=0x6, pImpLevel=0x19f268*=0x2, pAuthInfo=0x19f26c, pCapabilites=0x19f270*=0x1) returned 0x0 [0282.760] IUnknown:Release (This=0x63c6bc) returned 0x1 [0282.760] IUnknown:QueryInterface (in: This=0x63c6b8, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x60ef70) returned 0x0 [0282.760] IUnknown:QueryInterface (in: This=0x63c6b8, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x63c6bc) returned 0x0 [0282.760] IClientSecurity:SetBlanket (This=0x63c6bc, pProxy=0x63c6b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.765] IUnknown:Release (This=0x63c6bc) returned 0x2 [0282.765] WbemLocator:IUnknown:Release (This=0x60ef70) returned 0x1 [0282.765] CoTaskMemFree (pv=0x652200) [0282.765] IUnknown:QueryInterface (in: This=0x63c6b8, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee18 | out: ppvObject=0x19ee18*=0x60ef70) returned 0x0 [0282.766] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edd4 | out: ppvObject=0x19edd4*=0x0) returned 0x80004002 [0282.773] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebf4 | out: ppvObject=0x19ebf4*=0x0) returned 0x80004002 [0282.776] IUnknown:QueryInterface (in: This=0x63c6b8, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9cc | out: ppvObject=0x19e9cc*=0x0) returned 0x80004002 [0282.794] WbemLocator:IUnknown:AddRef (This=0x60ef70) returned 0x3 [0282.794] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e734 | out: ppvObject=0x19e734*=0x0) returned 0x80004002 [0282.794] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6e4 | out: ppvObject=0x19e6e4*=0x0) returned 0x80004002 [0282.794] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f0 | out: ppvObject=0x19e6f0*=0x60eecc) returned 0x0 [0282.794] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60eecc, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6f8 | out: pCid=0x19e6f8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.794] WbemLocator:IUnknown:Release (This=0x60eecc) returned 0x3 [0282.794] CoGetContextToken (in: pToken=0x19e750 | out: pToken=0x19e750) returned 0x0 [0282.794] CoGetContextToken (in: pToken=0x19eb58 | out: pToken=0x19eb58) returned 0x0 [0282.795] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebe8 | out: ppvObject=0x19ebe8*=0x60ef54) returned 0x0 [0282.795] WbemLocator:IRpcOptions:Query (in: This=0x60ef54, pPrx=0x60ef70, dwProperty=2, pdwValue=0x19ec10 | out: pdwValue=0x19ec10) returned 0x80004002 [0282.795] WbemLocator:IUnknown:Release (This=0x60ef54) returned 0x3 [0282.795] WbemLocator:IUnknown:Release (This=0x60ef70) returned 0x2 [0282.795] CoGetContextToken (in: pToken=0x19f128 | out: pToken=0x19f128) returned 0x0 [0282.795] CoGetContextToken (in: pToken=0x19f088 | out: pToken=0x19f088) returned 0x0 [0282.795] WbemLocator:IUnknown:QueryInterface (in: This=0x60ef70, riid=0x19f158*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f154 | out: ppvObject=0x19f154*=0x63c6b8) returned 0x0 [0282.795] IUnknown:AddRef (This=0x63c6b8) returned 0x4 [0282.795] IUnknown:Release (This=0x63c6b8) returned 0x3 [0282.795] IUnknown:Release (This=0x63c6b8) returned 0x2 [0282.795] WbemLocator:IUnknown:Release (This=0x5e5a18) returned 0x2 [0282.795] SysStringLen (param_1=0x0) returned 0x0 [0282.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c408, puCount=0x19f3d8 | out: puCount=0x19f3d8*=0x2) returned 0x0 [0282.795] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f3d4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3d4*=0xf, pszText=0x0) returned 0x0 [0282.795] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=4, puBuffLength=0x19f3d4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3d4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0282.795] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0282.795] IUnknown:AddRef (This=0x63c6b8) returned 0x3 [0282.795] IEnumWbemClassObject:Clone (in: This=0x63c6b8, ppEnum=0x19f3d8 | out: ppEnum=0x19f3d8*=0x63c848) returned 0x0 [0282.824] IUnknown:QueryInterface (in: This=0x63c848, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x63c84c) returned 0x0 [0282.824] IClientSecurity:QueryBlanket (in: This=0x63c84c, pProxy=0x63c848, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0 [0282.824] IUnknown:Release (This=0x63c84c) returned 0x1 [0282.824] IUnknown:QueryInterface (in: This=0x63c848, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x60f170) returned 0x0 [0282.824] IUnknown:QueryInterface (in: This=0x63c848, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x63c84c) returned 0x0 [0282.824] IClientSecurity:SetBlanket (This=0x63c84c, pProxy=0x63c848, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.843] IUnknown:Release (This=0x63c84c) returned 0x2 [0282.843] WbemLocator:IUnknown:Release (This=0x60f170) returned 0x1 [0282.843] CoTaskMemFree (pv=0x6522f0) [0282.843] IUnknown:QueryInterface (in: This=0x63c848, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee78 | out: ppvObject=0x19ee78*=0x60f170) returned 0x0 [0282.843] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x0) returned 0x80004002 [0282.875] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x0) returned 0x80004002 [0282.917] IUnknown:QueryInterface (in: This=0x63c848, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea2c | out: ppvObject=0x19ea2c*=0x0) returned 0x80004002 [0282.959] WbemLocator:IUnknown:AddRef (This=0x60f170) returned 0x3 [0282.959] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0282.959] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e744 | out: ppvObject=0x19e744*=0x0) returned 0x80004002 [0282.959] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e750 | out: ppvObject=0x19e750*=0x60f0cc) returned 0x0 [0282.960] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60f0cc, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e758 | out: pCid=0x19e758*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.960] WbemLocator:IUnknown:Release (This=0x60f0cc) returned 0x3 [0282.960] CoGetContextToken (in: pToken=0x19e7b0 | out: pToken=0x19e7b0) returned 0x0 [0282.960] CoGetContextToken (in: pToken=0x19ebb8 | out: pToken=0x19ebb8) returned 0x0 [0282.960] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec48 | out: ppvObject=0x19ec48*=0x60f154) returned 0x0 [0282.960] WbemLocator:IRpcOptions:Query (in: This=0x60f154, pPrx=0x60f170, dwProperty=2, pdwValue=0x19ec70 | out: pdwValue=0x19ec70) returned 0x80004002 [0282.960] WbemLocator:IUnknown:Release (This=0x60f154) returned 0x3 [0282.960] WbemLocator:IUnknown:Release (This=0x60f170) returned 0x2 [0282.960] CoGetContextToken (in: pToken=0x19f188 | out: pToken=0x19f188) returned 0x0 [0282.960] CoGetContextToken (in: pToken=0x19f0e8 | out: pToken=0x19f0e8) returned 0x0 [0282.960] WbemLocator:IUnknown:QueryInterface (in: This=0x60f170, riid=0x19f1b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x63c848) returned 0x0 [0282.960] IUnknown:AddRef (This=0x63c848) returned 0x4 [0282.960] IUnknown:Release (This=0x63c848) returned 0x3 [0282.960] IUnknown:Release (This=0x63c848) returned 0x2 [0282.960] IUnknown:Release (This=0x63c6b8) returned 0x2 [0282.960] SysStringLen (param_1=0x0) returned 0x0 [0282.961] IEnumWbemClassObject:Reset (This=0x63c848) returned 0x0 [0282.975] CoTaskMemAlloc (cb=0x4) returned 0x644970 [0282.975] IEnumWbemClassObject:Next (This=0x63c848, lTimeout=-1, uCount=0x1, apObjects=0x644970, puReturned=0x21c6bc8) Thread: id = 272 os_tid = 0xeb8 Thread: id = 277 os_tid = 0xecc Thread: id = 278 os_tid = 0xed0 [0273.369] CoGetContextToken (in: pToken=0x42dfc3c | out: pToken=0x42dfc3c) returned 0x800401f0 [0273.369] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0273.369] RoInitialize () returned 0x1 [0273.369] RoUninitialize () returned 0x0 Thread: id = 281 os_tid = 0xf44 Thread: id = 282 os_tid = 0xf48 Thread: id = 283 os_tid = 0xf4c Thread: id = 289 os_tid = 0xf64 [0282.148] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0282.148] RoInitialize () returned 0x1 [0282.148] RoUninitialize () returned 0x0 [0282.166] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4eef5b4 | out: lpiid=0x4eef5b4) returned 0x0 [0282.166] CoGetClassObject (in: rclsid=0x63570c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x705a54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x644910) returned 0x0 [0282.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x644910, riid=0x705595e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0282.167] WbemDefPath:IClassFactory:CreateInstance (in: This=0x644910, pUnkOuter=0x0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x64c718) returned 0x0 [0282.167] WbemDefPath:IUnknown:Release (This=0x644910) returned 0x0 [0282.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x64c718) returned 0x0 [0282.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0282.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0282.168] WbemDefPath:IUnknown:AddRef (This=0x64c718) returned 0x3 [0282.168] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0282.168] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0282.168] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x647040) returned 0x0 [0282.168] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x647040, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.168] WbemDefPath:IUnknown:Release (This=0x647040) returned 0x3 [0282.168] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0282.168] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0282.169] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c718, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0282.169] WbemDefPath:IUnknown:Release (This=0x64c718) returned 0x2 [0282.169] WbemDefPath:IUnknown:Release (This=0x64c718) returned 0x1 [0282.169] SetEvent (hEvent=0x3cc) returned 1 [0282.178] CoGetClassObject (in: rclsid=0x63570c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x705a54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x644990) returned 0x0 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x644990, riid=0x705595e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0282.178] WbemDefPath:IClassFactory:CreateInstance (in: This=0x644990, pUnkOuter=0x0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x64c6a8) returned 0x0 [0282.178] WbemDefPath:IUnknown:Release (This=0x644990) returned 0x0 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x64c6a8) returned 0x0 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0282.178] WbemDefPath:IUnknown:AddRef (This=0x64c6a8) returned 0x3 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0282.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x646f38) returned 0x0 [0282.178] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x646f38, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.179] WbemDefPath:IUnknown:Release (This=0x646f38) returned 0x3 [0282.179] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0282.179] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0282.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c6a8, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0282.179] WbemDefPath:IUnknown:Release (This=0x64c6a8) returned 0x2 [0282.179] WbemDefPath:IUnknown:Release (This=0x64c6a8) returned 0x1 [0282.179] SetEvent (hEvent=0x408) returned 1 [0282.181] CoGetClassObject (in: rclsid=0x63570c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x705a54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x644900) returned 0x0 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x644900, riid=0x705595e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IClassFactory:CreateInstance (in: This=0x644900, pUnkOuter=0x0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x64c408) returned 0x0 [0282.181] WbemDefPath:IUnknown:Release (This=0x644900) returned 0x0 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x64c408) returned 0x0 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IUnknown:AddRef (This=0x64c408) returned 0x3 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x6470d0) returned 0x0 [0282.181] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6470d0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.181] WbemDefPath:IUnknown:Release (This=0x6470d0) returned 0x3 [0282.181] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0282.181] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0282.181] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c408, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0282.181] WbemDefPath:IUnknown:Release (This=0x64c408) returned 0x2 [0282.181] WbemDefPath:IUnknown:Release (This=0x64c408) returned 0x1 [0282.182] SetEvent (hEvent=0x40c) returned 1 [0282.755] CoGetClassObject (in: rclsid=0x63570c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x705a54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4eef2c8 | out: ppv=0x4eef2c8*=0x6449a0) returned 0x0 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6449a0, riid=0x705595e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4eef4e0 | out: ppvObject=0x4eef4e0*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6449a0, pUnkOuter=0x0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef4f4 | out: ppvObject=0x4eef4f4*=0x64c868) returned 0x0 [0282.756] WbemDefPath:IUnknown:Release (This=0x6449a0) returned 0x0 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eef114 | out: ppvObject=0x4eef114*=0x64c868) returned 0x0 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4eef0d0 | out: ppvObject=0x4eef0d0*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4eeecc4 | out: ppvObject=0x4eeecc4*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IUnknown:AddRef (This=0x64c868) returned 0x3 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4eeea2c | out: ppvObject=0x4eeea2c*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4eee9dc | out: ppvObject=0x4eee9dc*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eee9e8 | out: ppvObject=0x4eee9e8*=0x646d40) returned 0x0 [0282.756] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x646d40, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4eee9f0 | out: pCid=0x4eee9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.756] WbemDefPath:IUnknown:Release (This=0x646d40) returned 0x3 [0282.756] CoGetContextToken (in: pToken=0x4eeea48 | out: pToken=0x4eeea48) returned 0x0 [0282.756] CoGetContextToken (in: pToken=0x4eeee50 | out: pToken=0x4eeee50) returned 0x0 [0282.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x64c868, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4eeeee0 | out: ppvObject=0x4eeeee0*=0x0) returned 0x80004002 [0282.756] WbemDefPath:IUnknown:Release (This=0x64c868) returned 0x2 [0282.756] WbemDefPath:IUnknown:Release (This=0x64c868) returned 0x1 [0282.756] SetEvent (hEvent=0x458) returned 1 Thread: id = 290 os_tid = 0xf68 [0282.191] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0282.191] RoInitialize () returned 0x1 [0282.191] RoUninitialize () returned 0x0 [0282.191] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x502f7fc | out: lpiid=0x502f7fc) returned 0x0 [0282.192] CoGetClassObject (in: rclsid=0x63525c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x705a54e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x502f510 | out: ppv=0x502f510*=0x6472b0) returned 0x0 [0282.192] WbemLocator:IUnknown:QueryInterface (in: This=0x6472b0, riid=0x705595e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f728 | out: ppvObject=0x502f728*=0x0) returned 0x80004002 [0282.192] WbemLocator:IClassFactory:CreateInstance (in: This=0x6472b0, pUnkOuter=0x0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f73c | out: ppvObject=0x502f73c*=0x6448d0) returned 0x0 [0282.192] WbemLocator:IUnknown:Release (This=0x6472b0) returned 0x0 [0282.192] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f35c | out: ppvObject=0x502f35c*=0x6448d0) returned 0x0 [0282.192] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f318 | out: ppvObject=0x502f318*=0x0) returned 0x80004002 [0282.192] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ef0c | out: ppvObject=0x502ef0c*=0x0) returned 0x80004002 [0282.193] WbemLocator:IUnknown:AddRef (This=0x6448d0) returned 0x3 [0282.193] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ec74 | out: ppvObject=0x502ec74*=0x0) returned 0x80004002 [0282.193] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502ec24 | out: ppvObject=0x502ec24*=0x0) returned 0x80004002 [0282.193] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502ec30 | out: ppvObject=0x502ec30*=0x0) returned 0x80004002 [0282.193] CoGetContextToken (in: pToken=0x502ec90 | out: pToken=0x502ec90) returned 0x0 [0282.193] CoGetObjectContext (in: riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x64735c | out: ppv=0x64735c*=0x5f0470) returned 0x0 [0282.194] CoGetContextToken (in: pToken=0x502f098 | out: pToken=0x502f098) returned 0x0 [0282.194] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f128 | out: ppvObject=0x502f128*=0x0) returned 0x80004002 [0282.194] WbemLocator:IUnknown:Release (This=0x6448d0) returned 0x2 [0282.194] WbemLocator:IUnknown:Release (This=0x6448d0) returned 0x1 [0282.195] CoGetContextToken (in: pToken=0x502f708 | out: pToken=0x502f708) returned 0x0 [0282.195] CoGetContextToken (in: pToken=0x502f668 | out: pToken=0x502f668) returned 0x0 [0282.195] WbemLocator:IUnknown:QueryInterface (in: This=0x6448d0, riid=0x502f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x502f734 | out: ppvObject=0x502f734*=0x6448d0) returned 0x0 [0282.195] WbemLocator:IUnknown:AddRef (This=0x6448d0) returned 0x3 [0282.195] WbemLocator:IUnknown:Release (This=0x6448d0) returned 0x2 [0282.197] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64c408, puCount=0x502f8cc | out: puCount=0x502f8cc*=0x2) returned 0x0 [0282.197] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=8, puBuffLength=0x502f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x502f8c8*=0xf, pszText=0x0) returned 0x0 [0282.197] WbemDefPath:IWbemPath:GetText (in: This=0x64c408, lFlags=8, puBuffLength=0x502f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x502f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0282.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x502eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0282.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x502f050, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0282.203] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6e670000 [0282.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1aLmdç\x93È «NpHó\x02\x05ØÈd", lpUsedDefaultChar=0x0) returned 13 [0282.210] GetProcAddress (hModule=0x6e670000, lpProcName="ResetSecurity") returned 0x6e6726fe [0282.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0282.216] GetProcAddress (hModule=0x6e670000, lpProcName="SetSecurity") returned 0x6e672740 [0282.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0282.223] GetProcAddress (hModule=0x6e670000, lpProcName="BlessIWbemServices") returned 0x6e671e89 [0282.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0282.243] GetProcAddress (hModule=0x6e670000, lpProcName="BlessIWbemServicesObject") returned 0x6e671edb [0282.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0282.262] GetProcAddress (hModule=0x6e670000, lpProcName="GetPropertyHandle") returned 0x6e6723d4 [0282.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0282.272] GetProcAddress (hModule=0x6e670000, lpProcName="WritePropertyValue") returned 0x6e672837 [0282.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0282.281] GetProcAddress (hModule=0x6e670000, lpProcName="Clone") returned 0x6e671f2d [0282.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0282.288] GetProcAddress (hModule=0x6e670000, lpProcName="VerifyClientKey") returned 0x6e6727d4 [0282.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0282.292] GetProcAddress (hModule=0x6e670000, lpProcName="GetQualifierSet") returned 0x6e672435 [0282.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0282.293] GetProcAddress (hModule=0x6e670000, lpProcName="Get") returned 0x6e6722f4 [0282.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x502f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0282.308] GetProcAddress (hModule=0x6e670000, lpProcName="Put") returned 0x6e6724de [0282.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x502f08c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 6 [0282.321] GetProcAddress (hModule=0x6e670000, lpProcName="Delete") returned 0x6e672151 [0282.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x502f088, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 8 [0282.330] GetProcAddress (hModule=0x6e670000, lpProcName="GetNames") returned 0x6e6723a2 [0282.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0282.346] GetProcAddress (hModule=0x6e670000, lpProcName="BeginEnumeration") returned 0x6e671e63 [0282.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x502f08c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 4 [0282.353] GetProcAddress (hModule=0x6e670000, lpProcName="Next") returned 0x6e6724a3 [0282.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0282.365] GetProcAddress (hModule=0x6e670000, lpProcName="EndEnumeration") returned 0x6e6721e2 [0282.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0282.371] GetProcAddress (hModule=0x6e670000, lpProcName="GetPropertyQualifierSet") returned 0x6e67241f [0282.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x502f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 5 [0282.380] GetProcAddress (hModule=0x6e670000, lpProcName="Clone") returned 0x6e671f2d [0282.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0282.381] GetProcAddress (hModule=0x6e670000, lpProcName="GetObjectText") returned 0x6e6723be [0282.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0282.390] GetProcAddress (hModule=0x6e670000, lpProcName="SpawnDerivedClass") returned 0x6e672786 [0282.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x502f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 13 [0282.398] GetProcAddress (hModule=0x6e670000, lpProcName="SpawnInstance") returned 0x6e67279c [0282.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0282.399] GetProcAddress (hModule=0x6e670000, lpProcName="CompareTo") returned 0x6e671fad [0282.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0282.408] GetProcAddress (hModule=0x6e670000, lpProcName="GetPropertyOrigin") returned 0x6e672409 [0282.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0282.419] GetProcAddress (hModule=0x6e670000, lpProcName="InheritsFrom") returned 0x6e672448 [0282.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0282.421] GetProcAddress (hModule=0x6e670000, lpProcName="GetMethod") returned 0x6e67235a [0282.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x502f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 9 [0282.432] GetProcAddress (hModule=0x6e670000, lpProcName="PutMethod") returned 0x6e6725fa [0282.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0282.446] GetProcAddress (hModule=0x6e670000, lpProcName="DeleteMethod") returned 0x6e672164 [0282.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x502f07c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 22 [0282.447] GetProcAddress (hModule=0x6e670000, lpProcName="BeginMethodEnumeration") returned 0x6e671e76 [0282.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x502f088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 10 [0282.449] GetProcAddress (hModule=0x6e670000, lpProcName="NextMethod") returned 0x6e6724c2 [0282.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0282.460] GetProcAddress (hModule=0x6e670000, lpProcName="EndMethodEnumeration") returned 0x6e6721f2 [0282.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0282.461] GetProcAddress (hModule=0x6e670000, lpProcName="GetMethodQualifierSet") returned 0x6e67238c [0282.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x502f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0282.462] GetProcAddress (hModule=0x6e670000, lpProcName="GetMethodOrigin") returned 0x6e672376 [0282.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0282.463] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_Get") returned 0x6e67264c [0282.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0282.479] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_Put") returned 0x6e67269a [0282.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x502f07c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0282.491] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_Delete") returned 0x6e672629 [0282.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0282.492] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_GetNames") returned 0x6e672668 [0282.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x502f074, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 29 [0282.505] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6e672616 [0282.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x502f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 17 [0282.506] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_Next") returned 0x6e67267e [0282.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x502f074, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0282.517] GetProcAddress (hModule=0x6e670000, lpProcName="QualifierSet_EndEnumeration") returned 0x6e67263c [0282.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x502f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0282.518] GetProcAddress (hModule=0x6e670000, lpProcName="GetCurrentApartmentType") returned 0x6e672435 [0282.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x502f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 20 [0282.535] GetProcAddress (hModule=0x6e670000, lpProcName="GetDemultiplexedStub") returned 0x6e672313 [0282.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x502f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 21 [0282.547] GetProcAddress (hModule=0x6e670000, lpProcName="CreateInstanceEnumWmi") returned 0x6e6720db [0282.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x502f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 18 [0282.569] GetProcAddress (hModule=0x6e670000, lpProcName="CreateClassEnumWmi") returned 0x6e672065 [0282.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x502f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 12 [0282.571] GetProcAddress (hModule=0x6e670000, lpProcName="ExecQueryWmi") returned 0x6e67227b [0282.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0282.600] GetProcAddress (hModule=0x6e670000, lpProcName="ExecNotificationQueryWmi") returned 0x6e672202 [0282.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x502f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 14 [0282.602] GetProcAddress (hModule=0x6e670000, lpProcName="PutInstanceWmi") returned 0x6e67257a [0282.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x502f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0282.626] GetProcAddress (hModule=0x6e670000, lpProcName="PutClassWmi") returned 0x6e6724fa [0282.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x502f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 24 [0282.627] GetProcAddress (hModule=0x6e670000, lpProcName="CloneEnumWbemClassObject") returned 0x6e671f40 [0282.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x502f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1aLmdç\x93È «NpHó\x02\x05", lpUsedDefaultChar=0x0) returned 16 [0282.658] GetProcAddress (hModule=0x6e670000, lpProcName="ConnectServerWmi") returned 0x6e671fc3 [0282.682] CoCreateInstance (in: rclsid=0x6e671284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6e6712e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x502f7a4 | out: ppv=0x502f7a4*=0x6449f0) returned 0x0 [0282.682] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6449f0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x502f838 | out: ppNamespace=0x502f838*=0x5e5608) returned 0x0 [0282.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5608, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6d4 | out: ppvObject=0x502f6d4*=0x60ed4c) returned 0x0 [0282.700] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x60ed4c, pProxy=0x5e5608, pAuthnSvc=0x502f724, pAuthzSvc=0x502f720, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c, pImpLevel=0x502f70c, pAuthInfo=0x502f710, pCapabilites=0x502f714 | out: pAuthnSvc=0x502f724*=0xa, pAuthzSvc=0x502f720*=0x0, pServerPrincName=0x502f718, pAuthnLevel=0x502f71c*=0x6, pImpLevel=0x502f70c*=0x2, pAuthInfo=0x502f710, pCapabilites=0x502f714*=0x1) returned 0x0 [0282.700] WbemLocator:IUnknown:Release (This=0x60ed4c) returned 0x1 [0282.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5608, riid=0x6e6710f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c8 | out: ppvObject=0x502f6c8*=0x60ed70) returned 0x0 [0282.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5608, riid=0x6e671104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f6c4 | out: ppvObject=0x502f6c4*=0x60ed4c) returned 0x0 [0282.700] WbemLocator:IClientSecurity:SetBlanket (This=0x60ed4c, pProxy=0x5e5608, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0282.700] WbemLocator:IUnknown:Release (This=0x60ed4c) returned 0x2 [0282.700] WbemLocator:IUnknown:Release (This=0x60ed70) returned 0x1 [0282.700] CoTaskMemFree (pv=0x6522f0) [0282.701] WbemLocator:IUnknown:Release (This=0x6449f0) returned 0x0 [0282.701] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5608, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f2c4 | out: ppvObject=0x502f2c4*=0x60ed70) returned 0x0 [0282.701] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x7062fdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x502f280 | out: ppvObject=0x502f280*=0x0) returned 0x80004002 [0282.701] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x7062fb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x502f09c | out: ppvObject=0x502f09c*=0x0) returned 0x80004002 [0282.701] WbemLocator:IUnknown:QueryInterface (in: This=0x5e5608, riid=0x7063056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x502ee74 | out: ppvObject=0x502ee74*=0x0) returned 0x80004002 [0282.702] WbemLocator:IUnknown:AddRef (This=0x60ed70) returned 0x3 [0282.702] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x70630208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x502ebdc | out: ppvObject=0x502ebdc*=0x0) returned 0x80004002 [0282.702] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x7063015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x502eb8c | out: ppvObject=0x502eb8c*=0x0) returned 0x80004002 [0282.702] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x705040e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502eb98 | out: ppvObject=0x502eb98*=0x60eccc) returned 0x0 [0282.702] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x60eccc, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x502eba0 | out: pCid=0x502eba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0282.702] WbemLocator:IUnknown:Release (This=0x60eccc) returned 0x3 [0282.702] CoGetContextToken (in: pToken=0x502ebf8 | out: pToken=0x502ebf8) returned 0x0 [0282.702] CoGetContextToken (in: pToken=0x502f000 | out: pToken=0x502f000) returned 0x0 [0282.702] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x70630448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x502f090 | out: ppvObject=0x502f090*=0x60ed54) returned 0x0 [0282.702] WbemLocator:IRpcOptions:Query (in: This=0x60ed54, pPrx=0x60ed70, dwProperty=2, pdwValue=0x502f0b8 | out: pdwValue=0x502f0b8) returned 0x80004002 [0282.702] WbemLocator:IUnknown:Release (This=0x60ed54) returned 0x3 [0282.702] WbemLocator:IUnknown:Release (This=0x60ed70) returned 0x2 [0282.702] CoGetContextToken (in: pToken=0x502f5d8 | out: pToken=0x502f5d8) returned 0x0 [0282.702] CoGetContextToken (in: pToken=0x502f538 | out: pToken=0x502f538) returned 0x0 [0282.702] WbemLocator:IUnknown:QueryInterface (in: This=0x60ed70, riid=0x502f608*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x502f604 | out: ppvObject=0x502f604*=0x5e5608) returned 0x0 [0282.702] WbemLocator:IUnknown:AddRef (This=0x5e5608) returned 0x4 [0282.702] WbemLocator:IUnknown:Release (This=0x5e5608) returned 0x3 [0282.703] WbemLocator:IUnknown:Release (This=0x5e5608) returned 0x2 [0282.707] SysStringLen (param_1=0x0) returned 0x0 [0282.708] CoUninitialize () Thread: id = 291 os_tid = 0xf70 [0282.715] CoGetContextToken (in: pToken=0x502f26c | out: pToken=0x502f26c) returned 0x0 [0282.715] CoGetContextToken (in: pToken=0x502f25c | out: pToken=0x502f25c) returned 0x0 [0282.715] CoGetMarshalSizeMax (in: pulSize=0x502f218, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60ed70, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x502f218) returned 0x0 [0282.716] CoMarshalInterface (pStm=0x62e8c0, riid=0x704f6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x60ed70, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Process: id = "14" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3e184000" os_pid = "0xeb0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0xea0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00010021" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2722 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2723 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2724 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2725 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2726 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2727 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2728 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2729 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2730 start_va = 0x7ff629040000 end_va = 0x7ff629050fff monitored = 0 entry_point = 0x7ff6290416b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 2731 start_va = 0x7ffb55e80000 end_va = 0x7ffb56040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2767 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2768 start_va = 0x7ffb52dc0000 end_va = 0x7ffb52fa7fff monitored = 0 entry_point = 0x7ffb52deba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2769 start_va = 0x7ffb55cc0000 end_va = 0x7ffb55d6cfff monitored = 0 entry_point = 0x7ffb55cd81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2783 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2784 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2785 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2786 start_va = 0x7ffb53700000 end_va = 0x7ffb5379cfff monitored = 0 entry_point = 0x7ffb537078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2787 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2788 start_va = 0x600000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2789 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2790 start_va = 0x7ffb3ccb0000 end_va = 0x7ffb3cd08fff monitored = 0 entry_point = 0x7ffb3ccbfbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 2791 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2792 start_va = 0x7ffb55800000 end_va = 0x7ffb55a7cfff monitored = 0 entry_point = 0x7ffb558d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2793 start_va = 0x7ffb54e90000 end_va = 0x7ffb54fabfff monitored = 0 entry_point = 0x7ffb54ed02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2794 start_va = 0x7ffb53210000 end_va = 0x7ffb53279fff monitored = 0 entry_point = 0x7ffb53246d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2795 start_va = 0x7ffb55050000 end_va = 0x7ffb551a5fff monitored = 0 entry_point = 0x7ffb5505a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2796 start_va = 0x7ffb537a0000 end_va = 0x7ffb53925fff monitored = 0 entry_point = 0x7ffb537effc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2797 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2798 start_va = 0x7ffb55660000 end_va = 0x7ffb557a2fff monitored = 0 entry_point = 0x7ffb55688210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2799 start_va = 0x7ffb55b90000 end_va = 0x7ffb55beafff monitored = 0 entry_point = 0x7ffb55ba38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2800 start_va = 0x7ffb557c0000 end_va = 0x7ffb557fafff monitored = 0 entry_point = 0x7ffb557c12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2801 start_va = 0x7ffb55bf0000 end_va = 0x7ffb55cb0fff monitored = 0 entry_point = 0x7ffb55c10da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2802 start_va = 0x7ffb50930000 end_va = 0x7ffb50ab5fff monitored = 0 entry_point = 0x7ffb5097d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2803 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2804 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2805 start_va = 0x860000 end_va = 0x9e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 2806 start_va = 0x9f0000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 2807 start_va = 0xb80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 2808 start_va = 0x600000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2809 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2831 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2832 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 2833 start_va = 0x7ffb53930000 end_va = 0x7ffb54e8efff monitored = 0 entry_point = 0x7ffb53a911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2834 start_va = 0x7ffb52c90000 end_va = 0x7ffb52cd2fff monitored = 0 entry_point = 0x7ffb52ca4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2835 start_va = 0x7ffb52530000 end_va = 0x7ffb52b73fff monitored = 0 entry_point = 0x7ffb526f64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2836 start_va = 0x7ffb53280000 end_va = 0x7ffb53326fff monitored = 0 entry_point = 0x7ffb532958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2837 start_va = 0x7ffb53540000 end_va = 0x7ffb53591fff monitored = 0 entry_point = 0x7ffb5354f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2838 start_va = 0x7ffb52520000 end_va = 0x7ffb5252efff monitored = 0 entry_point = 0x7ffb52523210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2839 start_va = 0x7ffb52ce0000 end_va = 0x7ffb52d94fff monitored = 0 entry_point = 0x7ffb52d222e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2840 start_va = 0x7ffb524c0000 end_va = 0x7ffb5250afff monitored = 0 entry_point = 0x7ffb524c35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2841 start_va = 0x7ffb524a0000 end_va = 0x7ffb524b3fff monitored = 0 entry_point = 0x7ffb524a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2842 start_va = 0x7ffb50e20000 end_va = 0x7ffb50eb5fff monitored = 0 entry_point = 0x7ffb50e45570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2843 start_va = 0x1f80000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 2845 start_va = 0x2120000 end_va = 0x2456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2846 start_va = 0x2460000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 2847 start_va = 0x2680000 end_va = 0x2899fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 2848 start_va = 0x1f80000 end_va = 0x208bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 2849 start_va = 0x2110000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 2850 start_va = 0x28a0000 end_va = 0x2ab2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 2851 start_va = 0x2ac0000 end_va = 0x2bcefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 2854 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2855 start_va = 0x7ffb535a0000 end_va = 0x7ffb536f9fff monitored = 0 entry_point = 0x7ffb535e38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2856 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2857 start_va = 0x2bd0000 end_va = 0x2c8bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 2858 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2859 start_va = 0x7ffb50430000 end_va = 0x7ffb50451fff monitored = 0 entry_point = 0x7ffb50431a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2860 start_va = 0x7ffb50b20000 end_va = 0x7ffb50b32fff monitored = 0 entry_point = 0x7ffb50b22760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2861 start_va = 0x7ffb522b0000 end_va = 0x7ffb52305fff monitored = 0 entry_point = 0x7ffb522c0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2862 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2863 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2864 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2865 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2866 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2867 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2868 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 2869 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2870 start_va = 0x7ffb49530000 end_va = 0x7ffb497a3fff monitored = 0 entry_point = 0x7ffb495a0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 2871 start_va = 0x6a0000 end_va = 0x6a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2872 start_va = 0x6c0000 end_va = 0x6c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Thread: id = 271 os_tid = 0xeb4 Thread: id = 275 os_tid = 0xec4 Thread: id = 276 os_tid = 0xec8 Thread: id = 279 os_tid = 0xed4