# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 06:07:21.134 Process: id = "1" image_name = "e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" page_root = "0x46002000" os_pid = "0x13e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 122 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 123 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 124 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 125 start_va = 0x400000 end_va = 0x409fff monitored = 1 entry_point = 0x40428e region_type = mapped_file name = "e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 128 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 266 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 267 start_va = 0x7ffc45030000 end_va = 0x7ffc45097fff monitored = 1 entry_point = 0x7ffc45034970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 268 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 269 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 270 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 271 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 272 start_va = 0x5a0000 end_va = 0x65dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 356 start_va = 0x660000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 357 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 358 start_va = 0x7ffc5a2e0000 end_va = 0x7ffc5a358fff monitored = 0 entry_point = 0x7ffc5a2ffb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 359 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 360 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 361 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 362 start_va = 0x730000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 363 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 364 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 365 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 366 start_va = 0x830000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 367 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 368 start_va = 0x7ffc44ec0000 end_va = 0x7ffc44f57fff monitored = 1 entry_point = 0x7ffc44ec1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 369 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 370 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 371 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 372 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 373 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 374 start_va = 0x1a0000 end_va = 0x1d8fff monitored = 0 entry_point = 0x1a12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 375 start_va = 0x830000 end_va = 0x9b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 376 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 377 start_va = 0x7ffc5e810000 end_va = 0x7ffc5e84afff monitored = 0 entry_point = 0x7ffc5e8112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 378 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 379 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 380 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 381 start_va = 0xb90000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 382 start_va = 0x1c0000 end_va = 0x1c2fff monitored = 1 entry_point = 0x1c428e region_type = mapped_file name = "e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") Region: id = 383 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 384 start_va = 0x7ffc51300000 end_va = 0x7ffc51309fff monitored = 0 entry_point = 0x7ffc51301350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 385 start_va = 0x7ffc40790000 end_va = 0x7ffc4111dfff monitored = 1 entry_point = 0x7ffc408bd9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 386 start_va = 0x7ffc40690000 end_va = 0x7ffc40786fff monitored = 0 entry_point = 0x7ffc406b4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 387 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 388 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 389 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 390 start_va = 0x7ffbe1040000 end_va = 0x7ffbe104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1040000" filename = "" Region: id = 391 start_va = 0x7ffbe1050000 end_va = 0x7ffbe105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1050000" filename = "" Region: id = 392 start_va = 0x7ffbe1060000 end_va = 0x7ffbe10effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1060000" filename = "" Region: id = 393 start_va = 0x7ffbe10f0000 end_va = 0x7ffbe115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe10f0000" filename = "" Region: id = 394 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 395 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 396 start_va = 0x420000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 397 start_va = 0x440000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 398 start_va = 0x1f90000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 399 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 400 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 401 start_va = 0x2090000 end_va = 0x1a08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 402 start_va = 0x1a090000 end_va = 0x1a3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a090000" filename = "" Region: id = 403 start_va = 0x1a400000 end_va = 0x1a50bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a400000" filename = "" Region: id = 404 start_va = 0x1a510000 end_va = 0x1a60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a510000" filename = "" Region: id = 405 start_va = 0x1a610000 end_va = 0x1a946fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 406 start_va = 0x7ffc3f1c0000 end_va = 0x7ffc40685fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 407 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 408 start_va = 0x7ff5ffe20000 end_va = 0x7ff5ffe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe20000" filename = "" Region: id = 409 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 410 start_va = 0x660000 end_va = 0x71ffff monitored = 0 entry_point = 0x680da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 411 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 412 start_va = 0x1a950000 end_va = 0x1aa2cfff monitored = 0 entry_point = 0x1a9ae0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 413 start_va = 0x7ffbe1160000 end_va = 0x7ffbe119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1160000" filename = "" Region: id = 414 start_va = 0x7ffbe11a0000 end_va = 0x7ffbe11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11a0000" filename = "" Region: id = 415 start_va = 0x7ffc3ef80000 end_va = 0x7ffc3f084fff monitored = 1 entry_point = 0x7ffc3ef8107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 416 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 417 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 418 start_va = 0x7ffc3e360000 end_va = 0x7ffc3ef73fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 419 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 420 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 421 start_va = 0x440000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 422 start_va = 0x7ffc3d9d0000 end_va = 0x7ffc3e350fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll") Region: id = 423 start_va = 0x7ffc3f0a0000 end_va = 0x7ffc3f1bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll") Region: id = 424 start_va = 0x7ffc3d130000 end_va = 0x7ffc3d9c9fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll") Region: id = 425 start_va = 0x7ffc44f70000 end_va = 0x7ffc45029fff monitored = 0 entry_point = 0x7ffc44f75d90 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 426 start_va = 0x7ffc470f0000 end_va = 0x7ffc47117fff monitored = 0 entry_point = 0x7ffc470fc7c0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 427 start_va = 0x7ffc54b40000 end_va = 0x7ffc54b53fff monitored = 0 entry_point = 0x7ffc54b42d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 428 start_va = 0x7ffc5e740000 end_va = 0x7ffc5e7aafff monitored = 0 entry_point = 0x7ffc5e7590c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 429 start_va = 0x7ffc5b700000 end_va = 0x7ffc5b75bfff monitored = 0 entry_point = 0x7ffc5b716f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 430 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 431 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 432 start_va = 0x1a950000 end_va = 0x1aa2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 433 start_va = 0x1aa30000 end_va = 0x1ab2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aa30000" filename = "" Region: id = 434 start_va = 0x1ab30000 end_va = 0x1ac2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ab30000" filename = "" Region: id = 435 start_va = 0x7ffc57e70000 end_va = 0x7ffc57f37fff monitored = 0 entry_point = 0x7ffc57eb13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 436 start_va = 0x7ffc54160000 end_va = 0x7ffc54174fff monitored = 0 entry_point = 0x7ffc54162dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 437 start_va = 0x7ffc55820000 end_va = 0x7ffc55857fff monitored = 0 entry_point = 0x7ffc55838cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 438 start_va = 0x7ffc5e950000 end_va = 0x7ffc5e957fff monitored = 0 entry_point = 0x7ffc5e951ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 439 start_va = 0x7ffc55190000 end_va = 0x7ffc551a5fff monitored = 0 entry_point = 0x7ffc551919f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 440 start_va = 0x7ffc54b20000 end_va = 0x7ffc54b39fff monitored = 0 entry_point = 0x7ffc54b22430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 441 start_va = 0x1ac30000 end_va = 0x1ad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac30000" filename = "" Region: id = 442 start_va = 0x1ac30000 end_va = 0x1ad2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac30000" filename = "" Region: id = 443 start_va = 0x1ad60000 end_va = 0x1ad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad60000" filename = "" Region: id = 444 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 445 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 446 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 447 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 448 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 449 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 450 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 451 start_va = 0x660000 end_va = 0x660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 452 start_va = 0x660000 end_va = 0x668fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 453 start_va = 0x660000 end_va = 0x660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 454 start_va = 0x660000 end_va = 0x668fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 455 start_va = 0x660000 end_va = 0x660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 456 start_va = 0x660000 end_va = 0x668fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 457 start_va = 0x7ffc5a8a0000 end_va = 0x7ffc5a949fff monitored = 0 entry_point = 0x7ffc5a8c7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 458 start_va = 0x7ffc55860000 end_va = 0x7ffc5586afff monitored = 0 entry_point = 0x7ffc55861d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 459 start_va = 0x1ad70000 end_va = 0x1ae6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad70000" filename = "" Region: id = 460 start_va = 0x7ffc538e0000 end_va = 0x7ffc538e9fff monitored = 0 entry_point = 0x7ffc538e14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 461 start_va = 0x7ffc54680000 end_va = 0x7ffc546e6fff monitored = 0 entry_point = 0x7ffc546863e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 462 start_va = 0x7ffc5bcc0000 end_va = 0x7ffc5bce8fff monitored = 0 entry_point = 0x7ffc5bcd4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 463 start_va = 0x7ffc4f220000 end_va = 0x7ffc4f22bfff monitored = 0 entry_point = 0x7ffc4f2235c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 464 start_va = 0x7ffc5bab0000 end_va = 0x7ffc5badcfff monitored = 0 entry_point = 0x7ffc5bac9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 465 start_va = 0x7ffc5b380000 end_va = 0x7ffc5b3f9fff monitored = 0 entry_point = 0x7ffc5b3a1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 466 start_va = 0x7ffc5c190000 end_va = 0x7ffc5c356fff monitored = 0 entry_point = 0x7ffc5c1edb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 467 start_va = 0x7ffc5be60000 end_va = 0x7ffc5be6ffff monitored = 0 entry_point = 0x7ffc5be656e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 468 start_va = 0x7ffc4bd50000 end_va = 0x7ffc4bd63fff monitored = 0 entry_point = 0x7ffc4bd53710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 469 start_va = 0x7ffc5b9a0000 end_va = 0x7ffc5b9c6fff monitored = 0 entry_point = 0x7ffc5b9b0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 470 start_va = 0x7ffc5b960000 end_va = 0x7ffc5b999fff monitored = 0 entry_point = 0x7ffc5b968d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 471 start_va = 0x7ffc4be00000 end_va = 0x7ffc4be1dfff monitored = 0 entry_point = 0x7ffc4be0ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 472 start_va = 0x1ae70000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae70000" filename = "" Region: id = 473 start_va = 0x7ffbe11b0000 end_va = 0x7ffbe11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11b0000" filename = "" Region: id = 474 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 475 start_va = 0x660000 end_va = 0x6c4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 476 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 477 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 478 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 479 start_va = 0x7ffc3cf40000 end_va = 0x7ffc3d12afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll") Region: id = 480 start_va = 0x7ffc3c050000 end_va = 0x7ffc3cf32fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll") Region: id = 481 start_va = 0x7ffbe11c0000 end_va = 0x7ffbe11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11c0000" filename = "" Region: id = 482 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 483 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 484 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 485 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 486 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 487 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 488 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 489 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 490 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 491 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 492 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 493 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 494 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 495 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 496 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 497 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 498 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 499 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 500 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 501 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 502 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 503 start_va = 0x1afe0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 504 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 505 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 506 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 507 start_va = 0x1b030000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 508 start_va = 0x1b040000 end_va = 0x1b04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b040000" filename = "" Region: id = 509 start_va = 0x1b050000 end_va = 0x1b05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b050000" filename = "" Region: id = 510 start_va = 0x1b060000 end_va = 0x1b06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b060000" filename = "" Region: id = 511 start_va = 0x1b070000 end_va = 0x1b08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b070000" filename = "" Region: id = 512 start_va = 0x1b090000 end_va = 0x1b09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b090000" filename = "" Region: id = 513 start_va = 0x1b0a0000 end_va = 0x1b0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0a0000" filename = "" Region: id = 514 start_va = 0x1b0b0000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0b0000" filename = "" Region: id = 515 start_va = 0x1b0c0000 end_va = 0x1b0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 516 start_va = 0x1b0d0000 end_va = 0x1b0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0d0000" filename = "" Region: id = 517 start_va = 0x1b0e0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0e0000" filename = "" Region: id = 518 start_va = 0x1b0f0000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 519 start_va = 0x1b100000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 520 start_va = 0x1b110000 end_va = 0x1b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 521 start_va = 0x1b120000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b120000" filename = "" Region: id = 522 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 523 start_va = 0x1b140000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 524 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 525 start_va = 0x1b180000 end_va = 0x1b18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 526 start_va = 0x1b190000 end_va = 0x1b19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b190000" filename = "" Region: id = 527 start_va = 0x1b1a0000 end_va = 0x1b1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1a0000" filename = "" Region: id = 528 start_va = 0x1b1b0000 end_va = 0x1b1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1b0000" filename = "" Region: id = 529 start_va = 0x1b1c0000 end_va = 0x1b1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1c0000" filename = "" Region: id = 530 start_va = 0x1b1d0000 end_va = 0x1b1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1d0000" filename = "" Region: id = 531 start_va = 0x1b1e0000 end_va = 0x1b1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1e0000" filename = "" Region: id = 532 start_va = 0x1b1f0000 end_va = 0x1b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1f0000" filename = "" Region: id = 533 start_va = 0x1b200000 end_va = 0x1b20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b200000" filename = "" Region: id = 534 start_va = 0x1b210000 end_va = 0x1b21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b210000" filename = "" Region: id = 535 start_va = 0x1b220000 end_va = 0x1b22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b220000" filename = "" Region: id = 536 start_va = 0x1b230000 end_va = 0x1b23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b230000" filename = "" Region: id = 537 start_va = 0x1b240000 end_va = 0x1b24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b240000" filename = "" Region: id = 538 start_va = 0x1b250000 end_va = 0x1b25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b250000" filename = "" Region: id = 539 start_va = 0x1b260000 end_va = 0x1b26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b260000" filename = "" Region: id = 540 start_va = 0x1b270000 end_va = 0x1b27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b270000" filename = "" Region: id = 541 start_va = 0x1b280000 end_va = 0x1b28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b280000" filename = "" Region: id = 542 start_va = 0x1b290000 end_va = 0x1b29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b290000" filename = "" Region: id = 543 start_va = 0x1b2a0000 end_va = 0x1b2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2a0000" filename = "" Region: id = 544 start_va = 0x1b2b0000 end_va = 0x1b2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2b0000" filename = "" Region: id = 545 start_va = 0x1b2c0000 end_va = 0x1b2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2c0000" filename = "" Region: id = 546 start_va = 0x1b2d0000 end_va = 0x1b2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2d0000" filename = "" Region: id = 547 start_va = 0x1b2e0000 end_va = 0x1b2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2e0000" filename = "" Region: id = 548 start_va = 0x1b2f0000 end_va = 0x1b2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2f0000" filename = "" Region: id = 549 start_va = 0x1b300000 end_va = 0x1b30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b300000" filename = "" Region: id = 550 start_va = 0x1b310000 end_va = 0x1b31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b310000" filename = "" Region: id = 551 start_va = 0x1b320000 end_va = 0x1b32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b320000" filename = "" Region: id = 552 start_va = 0x1b330000 end_va = 0x1b33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b330000" filename = "" Region: id = 553 start_va = 0x1b340000 end_va = 0x1b34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b340000" filename = "" Region: id = 554 start_va = 0x1b350000 end_va = 0x1b35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b350000" filename = "" Region: id = 555 start_va = 0x1b360000 end_va = 0x1b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b360000" filename = "" Region: id = 556 start_va = 0x1b370000 end_va = 0x1b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b370000" filename = "" Region: id = 557 start_va = 0x1b380000 end_va = 0x1b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b380000" filename = "" Region: id = 558 start_va = 0x1b390000 end_va = 0x1b39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b390000" filename = "" Region: id = 559 start_va = 0x1b3a0000 end_va = 0x1b3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3a0000" filename = "" Region: id = 560 start_va = 0x1b3b0000 end_va = 0x1b3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3b0000" filename = "" Region: id = 561 start_va = 0x1b3c0000 end_va = 0x1b3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3c0000" filename = "" Region: id = 562 start_va = 0x1b3d0000 end_va = 0x1b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3d0000" filename = "" Region: id = 563 start_va = 0x1b3e0000 end_va = 0x1b3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3e0000" filename = "" Region: id = 564 start_va = 0x1b3f0000 end_va = 0x1b40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3f0000" filename = "" Region: id = 565 start_va = 0x1b410000 end_va = 0x1b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b410000" filename = "" Region: id = 566 start_va = 0x1b420000 end_va = 0x1b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b420000" filename = "" Region: id = 567 start_va = 0x1b440000 end_va = 0x1b46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b440000" filename = "" Region: id = 568 start_va = 0x1b470000 end_va = 0x1b49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b470000" filename = "" Region: id = 569 start_va = 0x1b4a0000 end_va = 0x1b4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4a0000" filename = "" Region: id = 570 start_va = 0x1b4b0000 end_va = 0x1b50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4b0000" filename = "" Region: id = 571 start_va = 0x1b510000 end_va = 0x1b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b510000" filename = "" Region: id = 572 start_va = 0x1b560000 end_va = 0x1b56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b560000" filename = "" Region: id = 573 start_va = 0x1b570000 end_va = 0x1b61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b570000" filename = "" Region: id = 574 start_va = 0x1b620000 end_va = 0x1b62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b620000" filename = "" Region: id = 575 start_va = 0x1b630000 end_va = 0x1b63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b630000" filename = "" Region: id = 576 start_va = 0x1b640000 end_va = 0x1b64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b640000" filename = "" Region: id = 577 start_va = 0x1b650000 end_va = 0x1b65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b650000" filename = "" Region: id = 578 start_va = 0x1b660000 end_va = 0x1b66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b660000" filename = "" Region: id = 579 start_va = 0x1b670000 end_va = 0x1b67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b670000" filename = "" Region: id = 580 start_va = 0x1b680000 end_va = 0x1b68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b680000" filename = "" Region: id = 581 start_va = 0x1b690000 end_va = 0x1b69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b690000" filename = "" Region: id = 582 start_va = 0x1b6a0000 end_va = 0x1b6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6a0000" filename = "" Region: id = 583 start_va = 0x1b6b0000 end_va = 0x1b6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6b0000" filename = "" Region: id = 584 start_va = 0x1b6c0000 end_va = 0x1b6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6c0000" filename = "" Region: id = 585 start_va = 0x1b6d0000 end_va = 0x1b6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6d0000" filename = "" Region: id = 586 start_va = 0x1b6e0000 end_va = 0x1b6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6e0000" filename = "" Region: id = 587 start_va = 0x1b6f0000 end_va = 0x1b6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6f0000" filename = "" Region: id = 588 start_va = 0x1b700000 end_va = 0x1b70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b700000" filename = "" Region: id = 589 start_va = 0x1b710000 end_va = 0x1b71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b710000" filename = "" Region: id = 590 start_va = 0x1b720000 end_va = 0x1b72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b720000" filename = "" Region: id = 591 start_va = 0x1b730000 end_va = 0x1b73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b730000" filename = "" Region: id = 592 start_va = 0x1b740000 end_va = 0x1b74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b740000" filename = "" Region: id = 593 start_va = 0x1b750000 end_va = 0x1b75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b750000" filename = "" Region: id = 594 start_va = 0x1b760000 end_va = 0x1b76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b760000" filename = "" Region: id = 595 start_va = 0x1b770000 end_va = 0x1b77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b770000" filename = "" Region: id = 596 start_va = 0x1b780000 end_va = 0x1b78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b780000" filename = "" Region: id = 597 start_va = 0x1b790000 end_va = 0x1b79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b790000" filename = "" Region: id = 598 start_va = 0x1b7a0000 end_va = 0x1b7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7a0000" filename = "" Region: id = 599 start_va = 0x1b7b0000 end_va = 0x1b7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7b0000" filename = "" Region: id = 600 start_va = 0x1b7c0000 end_va = 0x1b7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7c0000" filename = "" Region: id = 601 start_va = 0x1b7d0000 end_va = 0x1b7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7d0000" filename = "" Region: id = 602 start_va = 0x1b7e0000 end_va = 0x1b7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7e0000" filename = "" Region: id = 603 start_va = 0x1b7f0000 end_va = 0x1b7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7f0000" filename = "" Region: id = 604 start_va = 0x1b800000 end_va = 0x1b80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b800000" filename = "" Region: id = 605 start_va = 0x1b810000 end_va = 0x1b81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b810000" filename = "" Region: id = 606 start_va = 0x1b820000 end_va = 0x1b82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b820000" filename = "" Region: id = 607 start_va = 0x1b830000 end_va = 0x1b83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b830000" filename = "" Region: id = 608 start_va = 0x1b840000 end_va = 0x1b84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b840000" filename = "" Region: id = 609 start_va = 0x1b850000 end_va = 0x1b94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b850000" filename = "" Region: id = 610 start_va = 0x7ffbe11d0000 end_va = 0x7ffbe11dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11d0000" filename = "" Region: id = 611 start_va = 0x1b950000 end_va = 0x1b95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 612 start_va = 0x1b960000 end_va = 0x1b96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b960000" filename = "" Region: id = 613 start_va = 0x1b970000 end_va = 0x1b97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b970000" filename = "" Region: id = 614 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 615 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 616 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 617 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 618 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 619 start_va = 0x7ffc5cc70000 end_va = 0x7ffc5cc77fff monitored = 0 entry_point = 0x7ffc5cc710b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 620 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 621 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 622 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 623 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 624 start_va = 0x6d0000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 625 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 626 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 627 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 628 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 629 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 630 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 631 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 632 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 633 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 634 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 635 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 636 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 637 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 638 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 639 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 640 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 641 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 642 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 643 start_va = 0x1aff0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 644 start_va = 0x1b000000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 645 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 646 start_va = 0x1b030000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 647 start_va = 0x1b040000 end_va = 0x1b04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b040000" filename = "" Region: id = 648 start_va = 0x1b050000 end_va = 0x1b05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b050000" filename = "" Region: id = 649 start_va = 0x1b060000 end_va = 0x1b06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b060000" filename = "" Region: id = 650 start_va = 0x1b070000 end_va = 0x1b07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b070000" filename = "" Region: id = 651 start_va = 0x1b080000 end_va = 0x1b08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b080000" filename = "" Region: id = 652 start_va = 0x1b090000 end_va = 0x1b09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b090000" filename = "" Region: id = 653 start_va = 0x1b0a0000 end_va = 0x1b0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0a0000" filename = "" Region: id = 654 start_va = 0x1b0b0000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0b0000" filename = "" Region: id = 655 start_va = 0x1b0c0000 end_va = 0x1b0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 656 start_va = 0x1b0d0000 end_va = 0x1b0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0d0000" filename = "" Region: id = 657 start_va = 0x1b0e0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0e0000" filename = "" Region: id = 658 start_va = 0x1b0f0000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 659 start_va = 0x1b100000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 660 start_va = 0x1b110000 end_va = 0x1b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 661 start_va = 0x1b120000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b120000" filename = "" Region: id = 662 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 663 start_va = 0x1b140000 end_va = 0x1b14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 664 start_va = 0x1b150000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b150000" filename = "" Region: id = 665 start_va = 0x1b160000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b160000" filename = "" Region: id = 666 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 667 start_va = 0x1b180000 end_va = 0x1b18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 668 start_va = 0x1b190000 end_va = 0x1b19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b190000" filename = "" Region: id = 669 start_va = 0x1b1a0000 end_va = 0x1b1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1a0000" filename = "" Region: id = 670 start_va = 0x1b1b0000 end_va = 0x1b1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1b0000" filename = "" Region: id = 671 start_va = 0x1b1c0000 end_va = 0x1b1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1c0000" filename = "" Region: id = 672 start_va = 0x1b1d0000 end_va = 0x1b1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1d0000" filename = "" Region: id = 673 start_va = 0x1b1e0000 end_va = 0x1b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1e0000" filename = "" Region: id = 674 start_va = 0x1b200000 end_va = 0x1b21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b200000" filename = "" Region: id = 675 start_va = 0x1b220000 end_va = 0x1b24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b220000" filename = "" Region: id = 676 start_va = 0x1b250000 end_va = 0x1b27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b250000" filename = "" Region: id = 677 start_va = 0x1b280000 end_va = 0x1b28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b280000" filename = "" Region: id = 678 start_va = 0x1b290000 end_va = 0x1b29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b290000" filename = "" Region: id = 679 start_va = 0x1b2a0000 end_va = 0x1b2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2a0000" filename = "" Region: id = 680 start_va = 0x1b2b0000 end_va = 0x1b2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2b0000" filename = "" Region: id = 681 start_va = 0x1b2c0000 end_va = 0x1b2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2c0000" filename = "" Region: id = 682 start_va = 0x1b2d0000 end_va = 0x1b2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2d0000" filename = "" Region: id = 683 start_va = 0x1b2e0000 end_va = 0x1b2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2e0000" filename = "" Region: id = 684 start_va = 0x1b2f0000 end_va = 0x1b2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2f0000" filename = "" Region: id = 685 start_va = 0x1b300000 end_va = 0x1b30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b300000" filename = "" Region: id = 686 start_va = 0x1b310000 end_va = 0x1b31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b310000" filename = "" Region: id = 687 start_va = 0x1b320000 end_va = 0x1b32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b320000" filename = "" Region: id = 688 start_va = 0x1b330000 end_va = 0x1b33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b330000" filename = "" Region: id = 689 start_va = 0x1b340000 end_va = 0x1b34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b340000" filename = "" Region: id = 690 start_va = 0x1b350000 end_va = 0x1b35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b350000" filename = "" Region: id = 691 start_va = 0x1b360000 end_va = 0x1b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b360000" filename = "" Region: id = 692 start_va = 0x1b370000 end_va = 0x1b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b370000" filename = "" Region: id = 693 start_va = 0x1b380000 end_va = 0x1b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b380000" filename = "" Region: id = 694 start_va = 0x1b390000 end_va = 0x1b39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b390000" filename = "" Region: id = 695 start_va = 0x1b3a0000 end_va = 0x1b3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3a0000" filename = "" Region: id = 696 start_va = 0x1b3b0000 end_va = 0x1b3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3b0000" filename = "" Region: id = 697 start_va = 0x1b3c0000 end_va = 0x1b3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3c0000" filename = "" Region: id = 698 start_va = 0x1b3d0000 end_va = 0x1b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3d0000" filename = "" Region: id = 699 start_va = 0x7ffbe11e0000 end_va = 0x7ffbe11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11e0000" filename = "" Region: id = 700 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 701 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 702 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 703 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 704 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 705 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 706 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 707 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 708 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 709 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 710 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 711 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 712 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 713 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 714 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 715 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 716 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 717 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 718 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 719 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 720 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 721 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 722 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 723 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 724 start_va = 0x1aff0000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 725 start_va = 0x1b010000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 726 start_va = 0x1b030000 end_va = 0x1b05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 727 start_va = 0x1b060000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b060000" filename = "" Region: id = 728 start_va = 0x1b0c0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 729 start_va = 0x1b0f0000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 730 start_va = 0x1b100000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 731 start_va = 0x1b110000 end_va = 0x1b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 732 start_va = 0x1b120000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b120000" filename = "" Region: id = 733 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 734 start_va = 0x1b140000 end_va = 0x1b14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 735 start_va = 0x1b150000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b150000" filename = "" Region: id = 736 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 737 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 738 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 739 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 740 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 741 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 742 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 743 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 744 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 745 start_va = 0x1af70000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 746 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 747 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 748 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 749 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 750 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 751 start_va = 0x7ffbe11f0000 end_va = 0x7ffbe11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe11f0000" filename = "" Region: id = 752 start_va = 0x7ffc412c0000 end_va = 0x7ffc41337fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.linq.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll") Region: id = 753 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 754 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 755 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 756 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 757 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 758 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 759 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 760 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 761 start_va = 0x7ffbe1200000 end_va = 0x7ffbe120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1200000" filename = "" Region: id = 762 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 763 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 764 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 765 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 766 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 767 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 768 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 769 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 770 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 771 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 772 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 773 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 774 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 775 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 776 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 777 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 778 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 779 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 780 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 781 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 782 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 783 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 784 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 785 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 786 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 787 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 788 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 789 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 790 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 791 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 792 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 793 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 794 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 795 start_va = 0x1aff0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 796 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 797 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 798 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 799 start_va = 0x1b030000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 800 start_va = 0x1b040000 end_va = 0x1b04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b040000" filename = "" Region: id = 801 start_va = 0x1b050000 end_va = 0x1b06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b050000" filename = "" Region: id = 802 start_va = 0x1b070000 end_va = 0x1b07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b070000" filename = "" Region: id = 803 start_va = 0x1b080000 end_va = 0x1b08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b080000" filename = "" Region: id = 804 start_va = 0x1b090000 end_va = 0x1b09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b090000" filename = "" Region: id = 805 start_va = 0x1b0a0000 end_va = 0x1b0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0a0000" filename = "" Region: id = 806 start_va = 0x1b0b0000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0b0000" filename = "" Region: id = 807 start_va = 0x1b0c0000 end_va = 0x1b0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 808 start_va = 0x1b0d0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0d0000" filename = "" Region: id = 809 start_va = 0x1b0f0000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 810 start_va = 0x1b100000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 811 start_va = 0x1b110000 end_va = 0x1b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 812 start_va = 0x1b120000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b120000" filename = "" Region: id = 813 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 814 start_va = 0x1b140000 end_va = 0x1b14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 815 start_va = 0x1b150000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b150000" filename = "" Region: id = 816 start_va = 0x1b160000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b160000" filename = "" Region: id = 817 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 818 start_va = 0x1b180000 end_va = 0x1b1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 819 start_va = 0x1b1b0000 end_va = 0x1b1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1b0000" filename = "" Region: id = 820 start_va = 0x1b1c0000 end_va = 0x1b1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1c0000" filename = "" Region: id = 821 start_va = 0x1b1d0000 end_va = 0x1b1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1d0000" filename = "" Region: id = 822 start_va = 0x1b1e0000 end_va = 0x1b1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1e0000" filename = "" Region: id = 823 start_va = 0x1b1f0000 end_va = 0x1b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1f0000" filename = "" Region: id = 824 start_va = 0x1b200000 end_va = 0x1b20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b200000" filename = "" Region: id = 825 start_va = 0x1b210000 end_va = 0x1b21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b210000" filename = "" Region: id = 826 start_va = 0x1b220000 end_va = 0x1b22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b220000" filename = "" Region: id = 827 start_va = 0x1b230000 end_va = 0x1b23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b230000" filename = "" Region: id = 828 start_va = 0x1b240000 end_va = 0x1b24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b240000" filename = "" Region: id = 829 start_va = 0x1b250000 end_va = 0x1b25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b250000" filename = "" Region: id = 830 start_va = 0x1b260000 end_va = 0x1b26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b260000" filename = "" Region: id = 831 start_va = 0x1b270000 end_va = 0x1b27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b270000" filename = "" Region: id = 832 start_va = 0x1b280000 end_va = 0x1b28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b280000" filename = "" Region: id = 833 start_va = 0x1b290000 end_va = 0x1b2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b290000" filename = "" Region: id = 834 start_va = 0x1b2e0000 end_va = 0x1b2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2e0000" filename = "" Region: id = 835 start_va = 0x1b2f0000 end_va = 0x1b2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2f0000" filename = "" Region: id = 836 start_va = 0x1b300000 end_va = 0x1b30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b300000" filename = "" Region: id = 837 start_va = 0x1b310000 end_va = 0x1b31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b310000" filename = "" Region: id = 838 start_va = 0x1b320000 end_va = 0x1b32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b320000" filename = "" Region: id = 839 start_va = 0x1b330000 end_va = 0x1b33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b330000" filename = "" Region: id = 840 start_va = 0x1b340000 end_va = 0x1b34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b340000" filename = "" Region: id = 841 start_va = 0x1b350000 end_va = 0x1b35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b350000" filename = "" Region: id = 842 start_va = 0x1b360000 end_va = 0x1b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b360000" filename = "" Region: id = 843 start_va = 0x1b370000 end_va = 0x1b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b370000" filename = "" Region: id = 844 start_va = 0x1b380000 end_va = 0x1b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b380000" filename = "" Region: id = 845 start_va = 0x1b390000 end_va = 0x1b39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b390000" filename = "" Region: id = 846 start_va = 0x1b3a0000 end_va = 0x1b3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3a0000" filename = "" Region: id = 847 start_va = 0x1b3b0000 end_va = 0x1b3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3b0000" filename = "" Region: id = 848 start_va = 0x1b3c0000 end_va = 0x1b3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3c0000" filename = "" Region: id = 849 start_va = 0x1b3d0000 end_va = 0x1b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3d0000" filename = "" Region: id = 850 start_va = 0x1b3e0000 end_va = 0x1b3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3e0000" filename = "" Region: id = 851 start_va = 0x1b3f0000 end_va = 0x1b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3f0000" filename = "" Region: id = 852 start_va = 0x1b400000 end_va = 0x1b40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b400000" filename = "" Region: id = 853 start_va = 0x1b410000 end_va = 0x1b41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b410000" filename = "" Region: id = 854 start_va = 0x1b420000 end_va = 0x1b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b420000" filename = "" Region: id = 855 start_va = 0x1b430000 end_va = 0x1b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b430000" filename = "" Region: id = 856 start_va = 0x1b440000 end_va = 0x1b44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b440000" filename = "" Region: id = 857 start_va = 0x1b450000 end_va = 0x1b45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b450000" filename = "" Region: id = 858 start_va = 0x1b460000 end_va = 0x1b46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b460000" filename = "" Region: id = 859 start_va = 0x1b470000 end_va = 0x1b47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b470000" filename = "" Region: id = 860 start_va = 0x1b480000 end_va = 0x1b48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b480000" filename = "" Region: id = 861 start_va = 0x1b490000 end_va = 0x1b49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b490000" filename = "" Region: id = 862 start_va = 0x1b4a0000 end_va = 0x1b4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4a0000" filename = "" Region: id = 863 start_va = 0x1b4b0000 end_va = 0x1b4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4b0000" filename = "" Region: id = 864 start_va = 0x1b4c0000 end_va = 0x1b4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4c0000" filename = "" Region: id = 865 start_va = 0x1b4d0000 end_va = 0x1b4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4d0000" filename = "" Region: id = 866 start_va = 0x1b4e0000 end_va = 0x1b4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4e0000" filename = "" Region: id = 867 start_va = 0x1b4f0000 end_va = 0x1b4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b4f0000" filename = "" Region: id = 868 start_va = 0x1b500000 end_va = 0x1b50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b500000" filename = "" Region: id = 869 start_va = 0x1b510000 end_va = 0x1b51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b510000" filename = "" Region: id = 870 start_va = 0x1b520000 end_va = 0x1b52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b520000" filename = "" Region: id = 871 start_va = 0x1b530000 end_va = 0x1b53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b530000" filename = "" Region: id = 872 start_va = 0x1b540000 end_va = 0x1b54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b540000" filename = "" Region: id = 873 start_va = 0x1b550000 end_va = 0x1b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b550000" filename = "" Region: id = 874 start_va = 0x1b560000 end_va = 0x1b56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b560000" filename = "" Region: id = 875 start_va = 0x1b570000 end_va = 0x1b57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b570000" filename = "" Region: id = 876 start_va = 0x1b580000 end_va = 0x1b58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b580000" filename = "" Region: id = 877 start_va = 0x1b590000 end_va = 0x1b59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b590000" filename = "" Region: id = 878 start_va = 0x1b5a0000 end_va = 0x1b5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5a0000" filename = "" Region: id = 879 start_va = 0x1b5b0000 end_va = 0x1b5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5b0000" filename = "" Region: id = 880 start_va = 0x1b5c0000 end_va = 0x1b5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5c0000" filename = "" Region: id = 881 start_va = 0x1b5d0000 end_va = 0x1b5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5d0000" filename = "" Region: id = 882 start_va = 0x1b5e0000 end_va = 0x1b5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5e0000" filename = "" Region: id = 883 start_va = 0x1b5f0000 end_va = 0x1b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5f0000" filename = "" Region: id = 884 start_va = 0x1b600000 end_va = 0x1b60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b600000" filename = "" Region: id = 885 start_va = 0x1b610000 end_va = 0x1b61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b610000" filename = "" Region: id = 886 start_va = 0x1b620000 end_va = 0x1b62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b620000" filename = "" Region: id = 887 start_va = 0x1b630000 end_va = 0x1b63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b630000" filename = "" Region: id = 888 start_va = 0x1b640000 end_va = 0x1b64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b640000" filename = "" Region: id = 889 start_va = 0x1b650000 end_va = 0x1b65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b650000" filename = "" Region: id = 890 start_va = 0x1b660000 end_va = 0x1b67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b660000" filename = "" Region: id = 891 start_va = 0x1b680000 end_va = 0x1b6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b680000" filename = "" Region: id = 892 start_va = 0x1b6b0000 end_va = 0x1b6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6b0000" filename = "" Region: id = 893 start_va = 0x1b6d0000 end_va = 0x1b6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b6d0000" filename = "" Region: id = 894 start_va = 0x1b700000 end_va = 0x1b75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b700000" filename = "" Region: id = 895 start_va = 0x1b760000 end_va = 0x1b7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b760000" filename = "" Region: id = 896 start_va = 0x1b950000 end_va = 0x1b9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 897 start_va = 0x1b7b0000 end_va = 0x1b7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7b0000" filename = "" Region: id = 898 start_va = 0x1ba00000 end_va = 0x1bb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba00000" filename = "" Region: id = 899 start_va = 0x1bb50000 end_va = 0x1bbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb50000" filename = "" Region: id = 900 start_va = 0x1b7c0000 end_va = 0x1b7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7c0000" filename = "" Region: id = 901 start_va = 0x1b7d0000 end_va = 0x1b7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7d0000" filename = "" Region: id = 902 start_va = 0x1b7e0000 end_va = 0x1b7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7e0000" filename = "" Region: id = 903 start_va = 0x1b7f0000 end_va = 0x1b7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7f0000" filename = "" Region: id = 904 start_va = 0x1b800000 end_va = 0x1b80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b800000" filename = "" Region: id = 905 start_va = 0x1b810000 end_va = 0x1b81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b810000" filename = "" Region: id = 906 start_va = 0x1b820000 end_va = 0x1b82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b820000" filename = "" Region: id = 907 start_va = 0x1b830000 end_va = 0x1b83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b830000" filename = "" Region: id = 908 start_va = 0x1b840000 end_va = 0x1b84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b840000" filename = "" Region: id = 909 start_va = 0x1bbf0000 end_va = 0x1bbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bbf0000" filename = "" Region: id = 910 start_va = 0x1bc00000 end_va = 0x1bc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc00000" filename = "" Region: id = 911 start_va = 0x1bc10000 end_va = 0x1bc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc10000" filename = "" Region: id = 912 start_va = 0x1bc20000 end_va = 0x1bc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc20000" filename = "" Region: id = 913 start_va = 0x1bc30000 end_va = 0x1bc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc30000" filename = "" Region: id = 914 start_va = 0x1bc40000 end_va = 0x1bc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc40000" filename = "" Region: id = 915 start_va = 0x1bc50000 end_va = 0x1bc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc50000" filename = "" Region: id = 916 start_va = 0x1bc60000 end_va = 0x1bc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc60000" filename = "" Region: id = 917 start_va = 0x1bc70000 end_va = 0x1bc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc70000" filename = "" Region: id = 918 start_va = 0x1bc80000 end_va = 0x1bc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc80000" filename = "" Region: id = 919 start_va = 0x1bc90000 end_va = 0x1bc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc90000" filename = "" Region: id = 920 start_va = 0x1bca0000 end_va = 0x1bd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bca0000" filename = "" Region: id = 921 start_va = 0x1bda0000 end_va = 0x1bdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bda0000" filename = "" Region: id = 922 start_va = 0x1bdb0000 end_va = 0x1bdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdb0000" filename = "" Region: id = 923 start_va = 0x1bdc0000 end_va = 0x1bdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdc0000" filename = "" Region: id = 924 start_va = 0x1bdd0000 end_va = 0x1bddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdd0000" filename = "" Region: id = 925 start_va = 0x1bde0000 end_va = 0x1bdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bde0000" filename = "" Region: id = 926 start_va = 0x1bdf0000 end_va = 0x1bdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bdf0000" filename = "" Region: id = 927 start_va = 0x1be00000 end_va = 0x1be0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be00000" filename = "" Region: id = 928 start_va = 0x1be10000 end_va = 0x1be1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be10000" filename = "" Region: id = 929 start_va = 0x1be20000 end_va = 0x1be2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be20000" filename = "" Region: id = 930 start_va = 0x1be30000 end_va = 0x1be3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be30000" filename = "" Region: id = 931 start_va = 0x1be40000 end_va = 0x1be4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be40000" filename = "" Region: id = 932 start_va = 0x1be50000 end_va = 0x1be5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be50000" filename = "" Region: id = 933 start_va = 0x1be60000 end_va = 0x1be6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be60000" filename = "" Region: id = 934 start_va = 0x1be70000 end_va = 0x1be7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be70000" filename = "" Region: id = 935 start_va = 0x1be80000 end_va = 0x1be8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be80000" filename = "" Region: id = 936 start_va = 0x1be90000 end_va = 0x1be9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be90000" filename = "" Region: id = 937 start_va = 0x1bea0000 end_va = 0x1beaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bea0000" filename = "" Region: id = 938 start_va = 0x1beb0000 end_va = 0x1bebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001beb0000" filename = "" Region: id = 939 start_va = 0x1bec0000 end_va = 0x1becffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bec0000" filename = "" Region: id = 940 start_va = 0x1bed0000 end_va = 0x1bedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bed0000" filename = "" Region: id = 941 start_va = 0x1bee0000 end_va = 0x1beeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bee0000" filename = "" Region: id = 942 start_va = 0x1bef0000 end_va = 0x1befffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bef0000" filename = "" Region: id = 943 start_va = 0x1bf00000 end_va = 0x1bf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf00000" filename = "" Region: id = 944 start_va = 0x1bf10000 end_va = 0x1bf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf10000" filename = "" Region: id = 945 start_va = 0x1bf20000 end_va = 0x1bf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf20000" filename = "" Region: id = 946 start_va = 0x1bf30000 end_va = 0x1bf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf30000" filename = "" Region: id = 947 start_va = 0x1bf40000 end_va = 0x1bf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf40000" filename = "" Region: id = 948 start_va = 0x1bf50000 end_va = 0x1bf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf50000" filename = "" Region: id = 949 start_va = 0x1bf60000 end_va = 0x1bf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf60000" filename = "" Region: id = 950 start_va = 0x1bf70000 end_va = 0x1bf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf70000" filename = "" Region: id = 951 start_va = 0x1bf80000 end_va = 0x1bf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf80000" filename = "" Region: id = 952 start_va = 0x1bf90000 end_va = 0x1bf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bf90000" filename = "" Region: id = 953 start_va = 0x1bfa0000 end_va = 0x1bfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfa0000" filename = "" Region: id = 954 start_va = 0x1bfb0000 end_va = 0x1bfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfb0000" filename = "" Region: id = 955 start_va = 0x1bfc0000 end_va = 0x1bfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfc0000" filename = "" Region: id = 956 start_va = 0x1bfd0000 end_va = 0x1bfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfd0000" filename = "" Region: id = 957 start_va = 0x1bfe0000 end_va = 0x1bfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bfe0000" filename = "" Region: id = 958 start_va = 0x1bff0000 end_va = 0x1bffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bff0000" filename = "" Region: id = 959 start_va = 0x1c000000 end_va = 0x1c01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c000000" filename = "" Region: id = 960 start_va = 0x1c020000 end_va = 0x1c05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c020000" filename = "" Region: id = 961 start_va = 0x1c060000 end_va = 0x1c09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c060000" filename = "" Region: id = 962 start_va = 0x1c0a0000 end_va = 0x1c0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c0a0000" filename = "" Region: id = 963 start_va = 0x1c0b0000 end_va = 0x1c0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c0b0000" filename = "" Region: id = 964 start_va = 0x7ffbe1210000 end_va = 0x7ffbe121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1210000" filename = "" Region: id = 965 start_va = 0x7ffbe1220000 end_va = 0x7ffbe122ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1220000" filename = "" Region: id = 966 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 967 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 968 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 969 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 970 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 971 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 972 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 973 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 974 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 975 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 976 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 977 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 978 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 979 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 980 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 981 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 982 start_va = 0x1af70000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 983 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 984 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 985 start_va = 0x7ffbe1230000 end_va = 0x7ffbe126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1230000" filename = "" Region: id = 986 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 987 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 988 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 989 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 990 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 991 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 992 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 993 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 994 start_va = 0x7ffc3bb20000 end_va = 0x7ffc3bd43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll") Region: id = 995 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 996 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 997 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 998 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 999 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1000 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1001 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1002 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1003 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1004 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1005 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1006 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1007 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1008 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1009 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1010 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 1011 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1012 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 1013 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 1014 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 1015 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 1016 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 1017 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 1018 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 1019 start_va = 0x1aff0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 1020 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 1021 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 1022 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 1023 start_va = 0x1b030000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 1024 start_va = 0x1b040000 end_va = 0x1b05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b040000" filename = "" Region: id = 1025 start_va = 0x1b060000 end_va = 0x1b08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b060000" filename = "" Region: id = 1026 start_va = 0x1b090000 end_va = 0x1b0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b090000" filename = "" Region: id = 1027 start_va = 0x1b0b0000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0b0000" filename = "" Region: id = 1028 start_va = 0x1b0c0000 end_va = 0x1b0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 1029 start_va = 0x1b0d0000 end_va = 0x1b0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0d0000" filename = "" Region: id = 1030 start_va = 0x1b0e0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0e0000" filename = "" Region: id = 1031 start_va = 0x1b0f0000 end_va = 0x1b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 1032 start_va = 0x1b100000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 1033 start_va = 0x1b110000 end_va = 0x1b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 1034 start_va = 0x1b120000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b120000" filename = "" Region: id = 1035 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 1036 start_va = 0x1b140000 end_va = 0x1b14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 1037 start_va = 0x1b150000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b150000" filename = "" Region: id = 1038 start_va = 0x1b160000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b160000" filename = "" Region: id = 1039 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 1040 start_va = 0x1b180000 end_va = 0x1b18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 1041 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1042 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1043 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1044 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1045 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1046 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1047 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1048 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1049 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1050 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1051 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1052 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1053 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1054 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1055 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1056 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1057 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1058 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1059 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1060 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1061 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1062 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1063 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1064 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 1065 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1066 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 1067 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 1068 start_va = 0x1afa0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 1069 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 1070 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 1071 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 1072 start_va = 0x1aff0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 1073 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 1074 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 1075 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1076 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1077 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1078 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1079 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1080 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1081 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1082 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1083 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1084 start_va = 0x1af70000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1085 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 1086 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 1087 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 1088 start_va = 0x7ffbe1270000 end_va = 0x7ffbe127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffbe1270000" filename = "" Region: id = 1089 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1090 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1091 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1092 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1093 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1094 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1095 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1096 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1097 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1098 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1099 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1100 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1101 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1102 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 1103 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1104 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1105 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1106 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1107 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1108 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1109 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1110 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1111 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1112 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1113 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1114 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1115 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1116 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1117 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1118 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1119 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1120 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1121 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1122 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1123 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1124 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1125 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1126 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1127 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1128 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1129 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1130 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 1131 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 1132 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1133 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 1134 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 1135 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 1136 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1137 start_va = 0x1af80000 end_va = 0x1af8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 1138 start_va = 0x1af90000 end_va = 0x1af9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af90000" filename = "" Region: id = 1139 start_va = 0x1afa0000 end_va = 0x1afaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afa0000" filename = "" Region: id = 1140 start_va = 0x1afb0000 end_va = 0x1afbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afb0000" filename = "" Region: id = 1141 start_va = 0x1afc0000 end_va = 0x1afcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afc0000" filename = "" Region: id = 1142 start_va = 0x1afd0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afd0000" filename = "" Region: id = 1143 start_va = 0x1afe0000 end_va = 0x1afeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001afe0000" filename = "" Region: id = 1144 start_va = 0x1aff0000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aff0000" filename = "" Region: id = 1145 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 1146 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 1147 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 1148 start_va = 0x1b030000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 1149 start_va = 0x1b040000 end_va = 0x1b04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b040000" filename = "" Region: id = 1150 start_va = 0x1b050000 end_va = 0x1b05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b050000" filename = "" Region: id = 1151 start_va = 0x1b060000 end_va = 0x1b06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b060000" filename = "" Region: id = 1152 start_va = 0x1b070000 end_va = 0x1b07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b070000" filename = "" Region: id = 1153 start_va = 0x1b080000 end_va = 0x1b08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b080000" filename = "" Region: id = 1154 start_va = 0x1b090000 end_va = 0x1b09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b090000" filename = "" Region: id = 1155 start_va = 0x1b0a0000 end_va = 0x1b0affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0a0000" filename = "" Region: id = 1156 start_va = 0x1b0b0000 end_va = 0x1b0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0b0000" filename = "" Region: id = 1157 start_va = 0x1b0c0000 end_va = 0x1b0cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0c0000" filename = "" Region: id = 1158 start_va = 0x1b0d0000 end_va = 0x1b0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0d0000" filename = "" Region: id = 1159 start_va = 0x1b0e0000 end_va = 0x1b0effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0e0000" filename = "" Region: id = 1160 start_va = 0x1b0f0000 end_va = 0x1b10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b0f0000" filename = "" Region: id = 1161 start_va = 0x1b110000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b110000" filename = "" Region: id = 1162 start_va = 0x1b130000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 1163 start_va = 0x1b160000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b160000" filename = "" Region: id = 1164 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 1165 start_va = 0x1b180000 end_va = 0x1b18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b180000" filename = "" Region: id = 1166 start_va = 0x1b190000 end_va = 0x1b19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b190000" filename = "" Region: id = 1167 start_va = 0x1b1a0000 end_va = 0x1b1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1a0000" filename = "" Region: id = 1168 start_va = 0x1b1b0000 end_va = 0x1b1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1b0000" filename = "" Region: id = 1169 start_va = 0x1b1c0000 end_va = 0x1b1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1c0000" filename = "" Region: id = 1170 start_va = 0x1b1d0000 end_va = 0x1b1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1d0000" filename = "" Region: id = 1171 start_va = 0x1b1e0000 end_va = 0x1b1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1e0000" filename = "" Region: id = 1172 start_va = 0x1b1f0000 end_va = 0x1b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1f0000" filename = "" Region: id = 1173 start_va = 0x1b200000 end_va = 0x1b20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b200000" filename = "" Region: id = 1174 start_va = 0x1b210000 end_va = 0x1b21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b210000" filename = "" Region: id = 1175 start_va = 0x1b220000 end_va = 0x1b22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b220000" filename = "" Region: id = 1176 start_va = 0x1b230000 end_va = 0x1b23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b230000" filename = "" Region: id = 1177 start_va = 0x1b240000 end_va = 0x1b24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b240000" filename = "" Region: id = 1178 start_va = 0x1af70000 end_va = 0x1b06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 1179 start_va = 0x6e0000 end_va = 0x6e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1180 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1181 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1182 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1183 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1184 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1185 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1186 start_va = 0x7ff5ffa70000 end_va = 0x7ff5ffe10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x13d8 [0079.626] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0079.641] RoInitialize () returned 0x1 [0079.641] RoUninitialize () returned 0x0 [0080.947] GetConsoleWindow () returned 0x40320 [0080.956] ShowWindow (hWnd=0x40320, nCmdShow=0) returned 1 [0081.185] GetACP () returned 0x4e4 [0082.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", nBufferLength=0x105, lpBuffer=0x14e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", lpFilePart=0x0) returned 0x69 [0082.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", nBufferLength=0x105, lpBuffer=0x14e420, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", lpFilePart=0x0) returned 0x69 [0082.607] GetCurrentProcess () returned 0xffffffffffffffff [0082.608] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e838 | out: TokenHandle=0x14e838*=0x25c) returned 1 [0082.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0082.666] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e8f0 | out: lpFileInformation=0x14e8f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0082.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0082.671] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e8d8 | out: lpFileInformation=0x14e8d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0082.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0082.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e750) returned 1 [0082.676] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0082.676] GetFileType (hFile=0x260) returned 0x1 [0082.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e6c0) returned 1 [0082.676] GetFileType (hFile=0x260) returned 0x1 [0082.708] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x14e828 | out: lpFileSizeHigh=0x14e828*=0x0) returned 0x8c8f [0082.709] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e798, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e798*=0x1000, lpOverlapped=0x0) returned 1 [0082.745] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e578, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e578*=0x1000, lpOverlapped=0x0) returned 1 [0082.748] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e368, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e368*=0x1000, lpOverlapped=0x0) returned 1 [0082.749] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e368, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e368*=0x1000, lpOverlapped=0x0) returned 1 [0082.749] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e368, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e368*=0x1000, lpOverlapped=0x0) returned 1 [0082.749] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e228, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e228*=0x1000, lpOverlapped=0x0) returned 1 [0082.759] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e468, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e468*=0x1000, lpOverlapped=0x0) returned 1 [0082.761] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e318, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e318*=0x1000, lpOverlapped=0x0) returned 1 [0082.761] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e318, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e318*=0xc8f, lpOverlapped=0x0) returned 1 [0082.761] ReadFile (in: hFile=0x260, lpBuffer=0x209c810, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e438, lpOverlapped=0x0 | out: lpBuffer=0x209c810*, lpNumberOfBytesRead=0x14e438*=0x0, lpOverlapped=0x0) returned 1 [0082.761] CloseHandle (hObject=0x260) returned 1 [0082.764] GetCurrentProcess () returned 0xffffffffffffffff [0082.764] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14ea38 | out: TokenHandle=0x14ea38*=0x260) returned 1 [0082.764] GetCurrentProcess () returned 0xffffffffffffffff [0082.764] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14ea38 | out: TokenHandle=0x14ea38*=0x264) returned 1 [0082.765] GetCurrentProcess () returned 0xffffffffffffffff [0082.765] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e838 | out: TokenHandle=0x14e838*=0x268) returned 1 [0082.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e8f0 | out: lpFileInformation=0x14e8f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0082.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", nBufferLength=0x105, lpBuffer=0x14e270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config", lpFilePart=0x0) returned 0x69 [0082.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e8d8 | out: lpFileInformation=0x14e8d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0082.768] GetCurrentProcess () returned 0xffffffffffffffff [0082.768] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14ea38 | out: TokenHandle=0x14ea38*=0x26c) returned 1 [0082.768] GetCurrentProcess () returned 0xffffffffffffffff [0082.768] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14ea38 | out: TokenHandle=0x14ea38*=0x270) returned 1 [0082.788] GetCurrentProcess () returned 0xffffffffffffffff [0082.788] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e788 | out: TokenHandle=0x14e788*=0x274) returned 1 [0082.837] GetCurrentProcess () returned 0xffffffffffffffff [0082.837] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e798 | out: TokenHandle=0x14e798*=0x278) returned 1 [0082.862] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x27c [0082.864] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x280 [0082.872] GetCurrentProcess () returned 0xffffffffffffffff [0082.872] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e748 | out: TokenHandle=0x14e748*=0x284) returned 1 [0082.875] GetCurrentProcess () returned 0xffffffffffffffff [0082.875] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e758 | out: TokenHandle=0x14e758*=0x288) returned 1 [0082.884] QueryPerformanceFrequency (in: lpFrequency=0x7ffbe10569e8 | out: lpFrequency=0x7ffbe10569e8*=100000000) returned 1 [0082.884] QueryPerformanceCounter (in: lpPerformanceCount=0x14edc8 | out: lpPerformanceCount=0x14edc8*=1314067191063) returned 1 [0082.889] GetCurrentProcess () returned 0xffffffffffffffff [0082.889] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e648 | out: TokenHandle=0x14e648*=0x28c) returned 1 [0082.892] GetCurrentProcess () returned 0xffffffffffffffff [0082.892] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e658 | out: TokenHandle=0x14e658*=0x290) returned 1 [0082.906] GetCurrentProcess () returned 0xffffffffffffffff [0082.906] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e6b8 | out: TokenHandle=0x14e6b8*=0x294) returned 1 [0082.908] GetCurrentProcess () returned 0xffffffffffffffff [0082.908] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e6c8 | out: TokenHandle=0x14e6c8*=0x298) returned 1 [0082.915] GetCurrentProcess () returned 0xffffffffffffffff [0082.915] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eb98 | out: TokenHandle=0x14eb98*=0x29c) returned 1 [0082.931] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cbb8 | out: phkResult=0x14cbb8*=0x2a0) returned 0x0 [0082.939] RegQueryValueExW (in: hKey=0x2a0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14cc08, lpData=0x0, lpcbData=0x14cc00*=0x0 | out: lpType=0x14cc08*=0x1, lpData=0x0, lpcbData=0x14cc00*=0xe) returned 0x0 [0082.940] RegQueryValueExW (in: hKey=0x2a0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14cc08, lpData=0x20cc8f0, lpcbData=0x14cc00*=0xe | out: lpType=0x14cc08*=0x1, lpData="Client", lpcbData=0x14cc00*=0xe) returned 0x0 [0082.940] RegCloseKey (hKey=0x2a0) returned 0x0 [0084.054] CoTaskMemAlloc (cb=0xcd0) returned 0x548f10 [0084.057] RasEnumConnectionsW (in: param_1=0x548f10, param_2=0x14eb40, param_3=0x14eb48 | out: param_1=0x548f10, param_2=0x14eb40, param_3=0x14eb48) returned 0x0 [0084.401] CoTaskMemFree (pv=0x548f10) [0084.411] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x14e898 | out: lpWSAData=0x14e898) returned 0 [0084.421] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x300 [0084.429] setsockopt (s=0x300, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0084.429] closesocket (s=0x300) returned 0 [0084.429] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x300 [0084.430] setsockopt (s=0x300, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0084.431] closesocket (s=0x300) returned 0 [0084.431] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x300 [0084.432] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304 [0084.434] ioctlsocket (in: s=0x300, cmd=-2147195266, argp=0x14eb68 | out: argp=0x14eb68) returned 0 [0084.434] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x308 [0084.435] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c [0084.435] ioctlsocket (in: s=0x308, cmd=-2147195266, argp=0x14eb68 | out: argp=0x14eb68) returned 0 [0084.436] WSAIoctl (in: s=0x300, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14eaf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14eaf0, lpOverlapped=0x0) returned -1 [0084.438] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e6d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0084.463] WSAEventSelect (s=0x300, hEventObject=0x304, lNetworkEvents=512) returned 0 [0084.463] WSAIoctl (in: s=0x308, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14eaf0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14eaf0, lpOverlapped=0x0) returned -1 [0084.463] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e6d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0084.463] WSAEventSelect (s=0x308, hEventObject=0x30c, lNetworkEvents=512) returned 0 [0084.463] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314 [0084.464] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x314, param_3=0x3) returned 0x0 [0084.480] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x14ebd8 | out: phkResult=0x14ebd8*=0x334) returned 0x0 [0084.480] RegOpenKeyExW (in: hKey=0x334, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb18 | out: phkResult=0x14eb18*=0x338) returned 0x0 [0084.481] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0084.481] RegNotifyChangeKeyValue (hKey=0x338, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x33c, fAsynchronous=1) returned 0x0 [0084.482] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb20 | out: phkResult=0x14eb20*=0x340) returned 0x0 [0084.482] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344 [0084.482] RegNotifyChangeKeyValue (hKey=0x340, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x344, fAsynchronous=1) returned 0x0 [0084.529] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb20 | out: phkResult=0x14eb20*=0x35c) returned 0x0 [0084.529] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360 [0084.529] RegNotifyChangeKeyValue (hKey=0x35c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x360, fAsynchronous=1) returned 0x0 [0084.530] GetCurrentProcess () returned 0xffffffffffffffff [0084.530] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eaa8 | out: TokenHandle=0x14eaa8*=0x364) returned 1 [0084.535] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x14dbf8 | out: phkResult=0x14dbf8*=0x368) returned 0x0 [0084.536] RegQueryValueExW (in: hKey=0x368, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x14dc38, lpData=0x0, lpcbData=0x14dc30*=0x0 | out: lpType=0x14dc38*=0x0, lpData=0x0, lpcbData=0x14dc30*=0x0) returned 0x2 [0084.536] RegCloseKey (hKey=0x368) returned 0x0 [0085.274] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x536e80 [0085.674] WinHttpSetTimeouts (hInternet=0x536e80, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0085.677] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14eb20 | out: pProxyConfig=0x14eb20) returned 1 [0086.952] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x14dc30, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.952] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x14dc30, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.967] EtwEventRegister () returned 0x0 [0086.971] EtwEventSetInformation () returned 0x0 [0086.975] GetCurrentProcess () returned 0xffffffffffffffff [0086.975] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e618 | out: TokenHandle=0x14e618*=0x3a0) returned 1 [0086.977] GetCurrentProcess () returned 0xffffffffffffffff [0086.977] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e628 | out: TokenHandle=0x14e628*=0x3ac) returned 1 [0086.984] EtwEventRegister () returned 0x0 [0086.985] EtwEventSetInformation () returned 0x0 [0086.991] SetEvent (hEvent=0x27c) returned 1 [0087.078] GetCurrentProcess () returned 0xffffffffffffffff [0087.078] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e568 | out: TokenHandle=0x14e568*=0x3c8) returned 1 [0087.079] GetCurrentProcess () returned 0xffffffffffffffff [0087.079] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e578 | out: TokenHandle=0x14e578*=0x3cc) returned 1 [0087.082] GetTimeZoneInformation (in: lpTimeZoneInformation=0x14e8f0 | out: lpTimeZoneInformation=0x14e8f0) returned 0x2 [0087.083] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x14e708 | out: pTimeZoneInformation=0x14e708) returned 0x2 [0087.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e6d8 | out: phkResult=0x14e6d8*=0x3d0) returned 0x0 [0087.090] RegQueryValueExW (in: hKey=0x3d0, lpValueName="TZI", lpReserved=0x0, lpType=0x14e718, lpData=0x0, lpcbData=0x14e710*=0x0 | out: lpType=0x14e718*=0x3, lpData=0x0, lpcbData=0x14e710*=0x2c) returned 0x0 [0087.090] RegQueryValueExW (in: hKey=0x3d0, lpValueName="TZI", lpReserved=0x0, lpType=0x14e718, lpData=0x20d5b58, lpcbData=0x14e710*=0x2c | out: lpType=0x14e718*=0x3, lpData=0x20d5b58*, lpcbData=0x14e710*=0x2c) returned 0x0 [0087.091] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e4e8 | out: phkResult=0x14e4e8*=0x0) returned 0x2 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x14e6a8, lpData=0x0, lpcbData=0x14e6a0*=0x0 | out: lpType=0x14e6a8*=0x1, lpData=0x0, lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x14e6a8, lpData=0x20d6058, lpcbData=0x14e6a0*=0x20 | out: lpType=0x14e6a8*=0x1, lpData="@tzres.dll,-320", lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x14e6a8, lpData=0x0, lpcbData=0x14e6a0*=0x0 | out: lpType=0x14e6a8*=0x1, lpData=0x0, lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x14e6a8, lpData=0x20d60c8, lpcbData=0x14e6a0*=0x20 | out: lpType=0x14e6a8*=0x1, lpData="@tzres.dll,-322", lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x14e6a8, lpData=0x0, lpcbData=0x14e6a0*=0x0 | out: lpType=0x14e6a8*=0x1, lpData=0x0, lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.092] RegQueryValueExW (in: hKey=0x3d0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x14e6a8, lpData=0x20d6138, lpcbData=0x14e6a0*=0x20 | out: lpType=0x14e6a8*=0x1, lpData="@tzres.dll,-321", lpcbData=0x14e6a0*=0x20) returned 0x0 [0087.139] CoTaskMemAlloc (cb=0x20c) returned 0x539b20 [0087.140] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x539b20 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0087.145] CoTaskMemFree (pv=0x539b20) [0087.145] CoTaskMemAlloc (cb=0x20c) returned 0x5394c0 [0087.145] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath=0x5394c0, pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0 | out: pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0) returned 1 [0087.178] CoTaskMemFree (pv=0x0) [0087.178] CoTaskMemFree (pv=0x5394c0) [0087.179] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x660001 [0087.209] CoTaskMemAlloc (cb=0x3ec) returned 0x55c3c0 [0087.209] LoadStringW (in: hInstance=0x660001, uID=0x140, lpBuffer=0x55c3c0, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0087.210] CoTaskMemFree (pv=0x55c3c0) [0087.210] FreeLibrary (hLibModule=0x660001) returned 1 [0087.211] CoTaskMemAlloc (cb=0x20c) returned 0x5394c0 [0087.211] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5394c0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0087.211] CoTaskMemFree (pv=0x5394c0) [0087.211] CoTaskMemAlloc (cb=0x20c) returned 0x5394c0 [0087.211] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath=0x5394c0, pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0 | out: pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0) returned 1 [0087.214] CoTaskMemFree (pv=0x0) [0087.214] CoTaskMemFree (pv=0x5394c0) [0087.215] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x660001 [0087.222] CoTaskMemAlloc (cb=0x3ec) returned 0x55c3c0 [0087.222] LoadStringW (in: hInstance=0x660001, uID=0x142, lpBuffer=0x55c3c0, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0087.223] CoTaskMemFree (pv=0x55c3c0) [0087.223] FreeLibrary (hLibModule=0x660001) returned 1 [0087.223] CoTaskMemAlloc (cb=0x20c) returned 0x5394c0 [0087.223] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5394c0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0087.223] CoTaskMemFree (pv=0x5394c0) [0087.223] CoTaskMemAlloc (cb=0x20c) returned 0x539900 [0087.223] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath=0x539900, pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0 | out: pwszLanguage=0x0, pcchLanguage=0x14e6f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e700, pululEnumerator=0x14e6f0) returned 1 [0087.230] CoTaskMemFree (pv=0x0) [0087.230] CoTaskMemFree (pv=0x539900) [0087.230] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x660001 [0087.234] CoTaskMemAlloc (cb=0x3ec) returned 0x55c3c0 [0087.234] LoadStringW (in: hInstance=0x660001, uID=0x141, lpBuffer=0x55c3c0, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0087.234] CoTaskMemFree (pv=0x55c3c0) [0087.234] FreeLibrary (hLibModule=0x660001) returned 1 [0087.235] RegCloseKey (hKey=0x3d0) returned 0x0 [0087.237] SetEvent (hEvent=0x27c) returned 1 [0087.253] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x14ead8 | out: pFixedInfo=0x0, pOutBufLen=0x14ead8) returned 0x6f [0088.079] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x5016f0 [0088.079] GetNetworkParams (in: pFixedInfo=0x5016f0, pOutBufLen=0x14ead8 | out: pFixedInfo=0x5016f0, pOutBufLen=0x14ead8) returned 0x0 [0088.090] LocalFree (hMem=0x5016f0) returned 0x0 [0088.096] CoTaskMemAlloc (cb=0x20c) returned 0x518640 [0088.096] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x518640, nSize=0x104 | out: lpBuffer="") returned 0x0 [0088.096] CoTaskMemFree (pv=0x518640) [0088.096] CoTaskMemAlloc (cb=0x20c) returned 0x518640 [0088.096] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x518640, nSize=0x104 | out: lpBuffer="") returned 0x0 [0088.096] CoTaskMemFree (pv=0x518640) [0088.114] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x488 [0088.119] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x454 [0088.120] GetAddrInfoW (in: pNodeName="cdn.discordapp.com", pServiceName=0x0, pHints=0x14e948*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14e890 | out: ppResult=0x14e890*=0x55b870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x566630*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x55b470*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5660b0*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x55b530*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566310*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x55b5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566130*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x55b570*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566330*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x0)))))) returned 0 [0089.076] FreeAddrInfoW (pAddrInfo=0x55b870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x566630*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x55b470*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5660b0*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x55b530*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566310*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x55b5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566130*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x55b570*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x566330*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x0)))))) [0089.087] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x490 [0089.087] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b8 [0089.087] ioctlsocket (in: s=0x490, cmd=-2147195266, argp=0x14e8b8 | out: argp=0x14e8b8) returned 0 [0089.087] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0089.088] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0089.088] ioctlsocket (in: s=0x4bc, cmd=-2147195266, argp=0x14e8b8 | out: argp=0x14e8b8) returned 0 [0089.088] WSAIoctl (in: s=0x490, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e840, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e840, lpOverlapped=0x0) returned -1 [0089.088] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e420, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0089.088] WSAEventSelect (s=0x490, hEventObject=0x4b8, lNetworkEvents=512) returned 0 [0089.089] WSAIoctl (in: s=0x4bc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e840, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e840, lpOverlapped=0x0) returned -1 [0089.089] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e420, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0089.089] WSAEventSelect (s=0x4bc, hEventObject=0x4c0, lNetworkEvents=512) returned 0 [0089.090] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x14e8a8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x14e8a8*=0xc20) returned 0x6f [0089.094] LocalAlloc (uFlags=0x0, uBytes=0xc20) returned 0x569c60 [0089.094] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x569c60, SizePointer=0x14e8a8*=0xc20 | out: AdapterAddresses=0x569c60*(Alignment=0x5000001c0, Length=0x1c0, IfIndex=0x5, Next=0x569f78, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x569ec8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x54, [1]=0x3, [2]=0xf5, [3]=0xb3, [4]=0x8, [5]=0x74, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x569e20*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x14e8a8*=0xc20) returned 0x0 [0089.104] LocalFree (hMem=0x569c60) returned 0x0 [0089.109] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e888 | out: phkResult=0x14e888*=0x4c4) returned 0x0 [0089.109] RegQueryValueExW (in: hKey=0x4c4, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x14e8c8, lpData=0x0, lpcbData=0x14e8c0*=0x0 | out: lpType=0x14e8c8*=0x0, lpData=0x0, lpcbData=0x14e8c0*=0x0) returned 0x2 [0089.110] RegCloseKey (hKey=0x4c4) returned 0x0 [0089.112] WSAConnect (in: s=0x488, name=0x20e48d0*(sa_family=2, sin_port=0x1bb, sin_addr="162.159.133.233"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0089.133] closesocket (s=0x454) returned 0 [0089.187] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x14b8f8 | out: phkResult=0x14b8f8*=0x0) returned 0x2 [0089.190] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e6b8 | out: phkResult=0x14e6b8*=0x454) returned 0x0 [0089.190] RegQueryValueExW (in: hKey=0x454, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x14e6f8, lpData=0x0, lpcbData=0x14e6f0*=0x0 | out: lpType=0x14e6f8*=0x0, lpData=0x0, lpcbData=0x14e6f0*=0x0) returned 0x2 [0089.190] RegCloseKey (hKey=0x454) returned 0x0 [0089.579] EnumerateSecurityPackagesW (in: pcPackages=0x14e6f8, ppPackageInfo=0x14e610 | out: pcPackages=0x14e6f8, ppPackageInfo=0x14e610) returned 0x0 [0089.602] FreeContextBuffer (in: pvContextBuffer=0x56a070 | out: pvContextBuffer=0x56a070) returned 0x0 [0089.615] GetCurrentProcess () returned 0xffffffffffffffff [0089.615] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e248 | out: TokenHandle=0x14e248*=0x4d0) returned 1 [0089.617] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x20e7424, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x14e3b0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x20e94d0, ptsExpiry=0x14e2d0 | out: phCredential=0x20e94d0, ptsExpiry=0x14e2d0) returned 0x0 [0089.658] InitializeSecurityContextW (in: phCredential=0x14e2a8, phContext=0x0, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20e96e0, pfContextAttr=0x20e73f0, ptsExpiry=0x14e2a0 | out: phNewContext=0x20e9788, pOutput=0x20e96e0, pfContextAttr=0x20e73f0, ptsExpiry=0x14e2a0) returned 0x90312 [0089.660] FreeContextBuffer (in: pvContextBuffer=0x5429f0 | out: pvContextBuffer=0x5429f0) returned 0x0 [0089.683] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffc5ecd0000 [0089.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x14e340, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0089.685] GetProcAddress (hModule=0x7ffc5ecd0000, lpProcName="GetCurrentPackageId") returned 0x7ffc5bff8d40 [0089.685] GetCurrentPackageId () returned 0x3d54 [0089.690] send (s=0x488, buf=0x20e97b0*, len=130, flags=0) returned 130 [0089.706] recv (in: s=0x488, buf=0x20e97b0, len=5, flags=0 | out: buf=0x20e97b0*) returned 5 [0089.714] recv (in: s=0x488, buf=0x20e97b5, len=67, flags=0 | out: buf=0x20e97b5*) returned 67 [0089.716] InitializeSecurityContextW (in: phCredential=0x14e208, phContext=0x14e330, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20e9f18, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20e9f38, pfContextAttr=0x20e73f0, ptsExpiry=0x14e200 | out: phNewContext=0x20e9788, pOutput=0x20e9f38, pfContextAttr=0x20e73f0, ptsExpiry=0x14e200) returned 0x90312 [0089.716] recv (in: s=0x488, buf=0x20ea028, len=5, flags=0 | out: buf=0x20ea028*) returned 5 [0089.717] recv (in: s=0x488, buf=0x20ea04d, len=2802, flags=0 | out: buf=0x20ea04d*) returned 2802 [0089.717] InitializeSecurityContextW (in: phCredential=0x14e158, phContext=0x14e280, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eac08, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eac28, pfContextAttr=0x20e73f0, ptsExpiry=0x14e150 | out: phNewContext=0x20e9788, pOutput=0x20eac28, pfContextAttr=0x20e73f0, ptsExpiry=0x14e150) returned 0x90312 [0089.719] recv (in: s=0x488, buf=0x20ead18, len=5, flags=0 | out: buf=0x20ead18*) returned 5 [0089.719] recv (in: s=0x488, buf=0x20ead3d, len=331, flags=0 | out: buf=0x20ead3d*) returned 331 [0089.719] InitializeSecurityContextW (in: phCredential=0x14e0a8, phContext=0x14e1d0, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eaf50, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eaf70, pfContextAttr=0x20e73f0, ptsExpiry=0x14e0a0 | out: phNewContext=0x20e9788, pOutput=0x20eaf70, pfContextAttr=0x20e73f0, ptsExpiry=0x14e0a0) returned 0x90312 [0089.719] recv (in: s=0x488, buf=0x20eb060, len=5, flags=0 | out: buf=0x20eb060*) returned 5 [0089.719] recv (in: s=0x488, buf=0x20eb085, len=4, flags=0 | out: buf=0x20eb085*) returned 4 [0089.719] InitializeSecurityContextW (in: phCredential=0x14dff8, phContext=0x14e120, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eb158, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eb178, pfContextAttr=0x20e73f0, ptsExpiry=0x14dff0 | out: phNewContext=0x20e9788, pOutput=0x20eb178, pfContextAttr=0x20e73f0, ptsExpiry=0x14dff0) returned 0x90312 [0089.729] FreeContextBuffer (in: pvContextBuffer=0x5427e0 | out: pvContextBuffer=0x5427e0) returned 0x0 [0089.729] send (s=0x488, buf=0x20eb248*, len=134, flags=0) returned 134 [0089.730] recv (in: s=0x488, buf=0x20eb248, len=5, flags=0 | out: buf=0x20eb248*) returned 5 [0089.745] recv (in: s=0x488, buf=0x20eb30d, len=202, flags=0 | out: buf=0x20eb30d*) returned 202 [0089.746] InitializeSecurityContextW (in: phCredential=0x14df48, phContext=0x14e070, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eb4a0, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eb4c0, pfContextAttr=0x20e73f0, ptsExpiry=0x14df40 | out: phNewContext=0x20e9788, pOutput=0x20eb4c0, pfContextAttr=0x20e73f0, ptsExpiry=0x14df40) returned 0x90312 [0089.746] recv (in: s=0x488, buf=0x20eb5b0, len=5, flags=0 | out: buf=0x20eb5b0*) returned 5 [0089.746] recv (in: s=0x488, buf=0x20eb5d5, len=1, flags=0 | out: buf=0x20eb5d5*) returned 1 [0089.746] InitializeSecurityContextW (in: phCredential=0x14de98, phContext=0x14dfc0, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eb6a0, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eb6c0, pfContextAttr=0x20e73f0, ptsExpiry=0x14de90 | out: phNewContext=0x20e9788, pOutput=0x20eb6c0, pfContextAttr=0x20e73f0, ptsExpiry=0x14de90) returned 0x90312 [0089.746] recv (in: s=0x488, buf=0x20eb7b0, len=5, flags=0 | out: buf=0x20eb7b0*) returned 5 [0089.747] recv (in: s=0x488, buf=0x20eb7d5, len=48, flags=0 | out: buf=0x20eb7d5*) returned 48 [0089.747] InitializeSecurityContextW (in: phCredential=0x14dde8, phContext=0x14df10, pTargetName=0x20e4a2c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x20eb8d0, Reserved2=0x0, phNewContext=0x20e9788, pOutput=0x20eb8f0, pfContextAttr=0x20e73f0, ptsExpiry=0x14dde0 | out: phNewContext=0x20e9788, pOutput=0x20eb8f0, pfContextAttr=0x20e73f0, ptsExpiry=0x14dde0) returned 0x0 [0089.767] QueryContextAttributesW (in: phContext=0x20e9788, ulAttribute=0x4, pBuffer=0x20eba18 | out: pBuffer=0x20eba18) returned 0x0 [0089.767] QueryContextAttributesW (in: phContext=0x20e9788, ulAttribute=0x5a, pBuffer=0x20ebaa8 | out: pBuffer=0x20ebaa8) returned 0x0 [0089.774] QueryContextAttributesW (in: phContext=0x20e9788, ulAttribute=0x53, pBuffer=0x20ebe08 | out: pBuffer=0x20ebe08) returned 0x0 [0089.783] CertDuplicateCertificateContext (pCertContext=0x528f80) returned 0x528f80 [0089.783] CertDuplicateStore (hCertStore=0x552b00) returned 0x552b00 [0089.784] CertEnumCertificatesInStore (hCertStore=0x552b00, pPrevCertContext=0x0) returned 0x573910 [0089.784] CertDuplicateCertificateContext (pCertContext=0x573910) returned 0x573910 [0089.784] CertEnumCertificatesInStore (hCertStore=0x552b00, pPrevCertContext=0x573910) returned 0x528f80 [0089.785] CertDuplicateCertificateContext (pCertContext=0x528f80) returned 0x528f80 [0089.785] CertEnumCertificatesInStore (hCertStore=0x552b00, pPrevCertContext=0x528f80) returned 0x0 [0089.785] CertCloseStore (hCertStore=0x552b00, dwFlags=0x0) returned 1 [0089.785] CertFreeCertificateContext (pCertContext=0x528f80) returned 1 [0089.806] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x552bd0 [0089.813] CertAddCRLLinkToStore (in: hCertStore=0x552bd0, pCrlContext=0x573910, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0089.815] CertAddCRLLinkToStore (in: hCertStore=0x552bd0, pCrlContext=0x528f80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0089.821] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x528f80, pTime=0x14df00, hAdditionalStore=0x552bd0, pChainPara=0x14dd98, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x14dd80 | out: ppChainContext=0x14dd80) returned 1 [0089.851] CertDuplicateCertificateChain (pChainContext=0x57a780) returned 0x57a780 [0089.851] CertDuplicateCertificateContext (pCertContext=0x528f80) returned 0x528f80 [0089.851] CertDuplicateCertificateContext (pCertContext=0x573c90) returned 0x573c90 [0089.852] CertDuplicateCertificateContext (pCertContext=0x575710) returned 0x575710 [0089.852] CertFreeCertificateChain (pChainContext=0x57a780) [0089.852] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x57a780, pPolicyPara=0x14e048, pPolicyStatus=0x14e028 | out: pPolicyStatus=0x14e028) returned 1 [0089.852] SetLastError (dwErrCode=0x0) [0089.854] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x57a780, pPolicyPara=0x14e128, pPolicyStatus=0x14e078 | out: pPolicyStatus=0x14e078) returned 1 [0089.862] CertFreeCertificateChain (pChainContext=0x57a780) [0089.862] CertFreeCertificateContext (pCertContext=0x528f80) returned 1 [0089.866] CoTaskMemAlloc (cb=0x20c) returned 0x51a620 [0089.866] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x51a620, nSize=0x104 | out: lpBuffer="") returned 0x0 [0089.866] CoTaskMemFree (pv=0x51a620) [0089.866] CoTaskMemAlloc (cb=0x20c) returned 0x519b80 [0089.866] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x519b80, nSize=0x104 | out: lpBuffer="") returned 0x0 [0089.867] CoTaskMemFree (pv=0x519b80) [0089.867] CoTaskMemAlloc (cb=0x20c) returned 0x518640 [0089.867] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x518640, nSize=0x104 | out: lpBuffer="") returned 0x0 [0089.867] CoTaskMemFree (pv=0x518640) [0089.867] CoTaskMemAlloc (cb=0x20c) returned 0x518640 [0089.867] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x518640, nSize=0x104 | out: lpBuffer="") returned 0x0 [0089.867] CoTaskMemFree (pv=0x518640) [0089.869] EncryptMessage (in: phContext=0x20e9788, fQOP=0x0, pMessage=0x20f5340, MessageSeqNo=0x0 | out: pMessage=0x20f5340) returned 0x0 [0089.869] send (s=0x488, buf=0x20f3d90*, len=165, flags=0) returned 165 [0089.885] setsockopt (s=0x488, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0089.893] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.917] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.920] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2105860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2105860, pfQOP=0x0) returned 0x0 [0089.928] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.928] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.928] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21098b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21098b0, pfQOP=0x0) returned 0x0 [0089.967] setsockopt (s=0x488, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0089.967] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.968] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.968] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212b450, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212b450, pfQOP=0x0) returned 0x0 [0089.968] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.968] recv (in: s=0x488, buf=0x210173d, len=208, flags=0 | out: buf=0x210173d*) returned 208 [0089.969] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212b630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212b630, pfQOP=0x0) returned 0x0 [0089.969] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.969] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.969] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212b810, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212b810, pfQOP=0x0) returned 0x0 [0089.969] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.969] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.969] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212b9f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212b9f0, pfQOP=0x0) returned 0x0 [0089.969] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.969] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.970] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212bbd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212bbd0, pfQOP=0x0) returned 0x0 [0089.971] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.971] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.971] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212bdb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212bdb0, pfQOP=0x0) returned 0x0 [0089.971] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.971] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.971] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212bf90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212bf90, pfQOP=0x0) returned 0x0 [0089.971] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.971] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.971] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212c170, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212c170, pfQOP=0x0) returned 0x0 [0089.971] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.971] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.971] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212c350, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212c350, pfQOP=0x0) returned 0x0 [0089.972] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.972] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.972] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212c530, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212c530, pfQOP=0x0) returned 0x0 [0089.972] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.972] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.972] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212c710, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212c710, pfQOP=0x0) returned 0x0 [0089.972] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.972] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.972] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212c8f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212c8f0, pfQOP=0x0) returned 0x0 [0089.972] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.972] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.972] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212cad0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212cad0, pfQOP=0x0) returned 0x0 [0089.973] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.973] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.973] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212ccb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212ccb0, pfQOP=0x0) returned 0x0 [0089.973] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.973] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.973] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212ce90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212ce90, pfQOP=0x0) returned 0x0 [0089.973] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.973] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.973] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d070, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d070, pfQOP=0x0) returned 0x0 [0089.973] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.973] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.973] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d250, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d250, pfQOP=0x0) returned 0x0 [0089.974] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.974] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.974] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d430, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d430, pfQOP=0x0) returned 0x0 [0089.974] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.974] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.974] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d610, pfQOP=0x0) returned 0x0 [0089.974] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.974] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.974] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d7f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d7f0, pfQOP=0x0) returned 0x0 [0089.974] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.974] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.974] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212d9d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212d9d0, pfQOP=0x0) returned 0x0 [0089.974] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.974] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.975] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212dbb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212dbb0, pfQOP=0x0) returned 0x0 [0089.975] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.975] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.975] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212dd90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212dd90, pfQOP=0x0) returned 0x0 [0089.975] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.975] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.975] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212df70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212df70, pfQOP=0x0) returned 0x0 [0089.975] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.975] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.975] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212e150, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212e150, pfQOP=0x0) returned 0x0 [0089.975] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.975] recv (in: s=0x488, buf=0x210173d, len=1312, flags=0 | out: buf=0x210173d*) returned 1312 [0089.976] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212e330, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212e330, pfQOP=0x0) returned 0x0 [0089.976] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.976] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.976] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212e510, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212e510, pfQOP=0x0) returned 0x0 [0089.976] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.976] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.976] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212e6f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212e6f0, pfQOP=0x0) returned 0x0 [0089.976] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.976] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.976] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212e8d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212e8d0, pfQOP=0x0) returned 0x0 [0089.976] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.976] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.976] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212eab0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212eab0, pfQOP=0x0) returned 0x0 [0089.976] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.977] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.977] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212ec90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212ec90, pfQOP=0x0) returned 0x0 [0089.977] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.977] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.977] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212ee70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212ee70, pfQOP=0x0) returned 0x0 [0089.977] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.977] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.977] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f050, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f050, pfQOP=0x0) returned 0x0 [0089.977] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.977] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.977] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f230, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f230, pfQOP=0x0) returned 0x0 [0089.977] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.977] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.977] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f410, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f410, pfQOP=0x0) returned 0x0 [0089.978] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.978] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.978] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f5f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f5f0, pfQOP=0x0) returned 0x0 [0089.978] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.978] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.978] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f7d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f7d0, pfQOP=0x0) returned 0x0 [0089.978] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.978] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.978] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212f9b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212f9b0, pfQOP=0x0) returned 0x0 [0089.978] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.978] recv (in: s=0x488, buf=0x210173d, len=1392, flags=0 | out: buf=0x210173d*) returned 1392 [0089.978] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212fb90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212fb90, pfQOP=0x0) returned 0x0 [0089.979] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.979] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.979] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212fd70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212fd70, pfQOP=0x0) returned 0x0 [0089.979] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.979] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.979] DecryptMessage (in: phContext=0x20e9788, pMessage=0x212ff50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x212ff50, pfQOP=0x0) returned 0x0 [0089.979] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.979] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.979] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130130, pfQOP=0x0) returned 0x0 [0089.980] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.980] recv (in: s=0x488, buf=0x210173d, len=2320, flags=0 | out: buf=0x210173d*) returned 2320 [0089.980] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130338, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130338, pfQOP=0x0) returned 0x0 [0089.980] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.980] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.980] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130518, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130518, pfQOP=0x0) returned 0x0 [0089.981] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.981] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.981] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21306f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21306f8, pfQOP=0x0) returned 0x0 [0089.981] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.981] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.981] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21308d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21308d8, pfQOP=0x0) returned 0x0 [0089.981] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.981] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.981] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130ab8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130ab8, pfQOP=0x0) returned 0x0 [0089.981] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.981] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.981] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130c98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130c98, pfQOP=0x0) returned 0x0 [0089.981] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.981] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.982] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2130e78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2130e78, pfQOP=0x0) returned 0x0 [0089.982] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.982] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.982] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131058, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131058, pfQOP=0x0) returned 0x0 [0089.982] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.982] recv (in: s=0x488, buf=0x210173d, len=3200, flags=0 | out: buf=0x210173d*) returned 3200 [0089.982] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131238, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131238, pfQOP=0x0) returned 0x0 [0089.982] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.982] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.982] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131418, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131418, pfQOP=0x0) returned 0x0 [0089.982] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.983] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.983] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21315f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21315f8, pfQOP=0x0) returned 0x0 [0089.983] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.983] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.983] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21317d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21317d8, pfQOP=0x0) returned 0x0 [0089.983] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.983] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.983] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21319b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21319b8, pfQOP=0x0) returned 0x0 [0089.983] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.983] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.983] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131b98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131b98, pfQOP=0x0) returned 0x0 [0089.983] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.983] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0089.984] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131d78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131d78, pfQOP=0x0) returned 0x0 [0089.984] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0089.984] recv (in: s=0x488, buf=0x210173d, len=3600, flags=0 | out: buf=0x210173d*) returned 3600 [0089.985] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2131f58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2131f58, pfQOP=0x0) returned 0x0 [0089.985] SetEvent (hEvent=0x27c) returned 1 [0090.048] QueryPerformanceCounter (in: lpPerformanceCount=0x14edc8 | out: lpPerformanceCount=0x14edc8*=1314783547234) returned 1 [0090.048] SetEvent (hEvent=0x27c) returned 1 [0090.050] select (in: nfds=0, readfds=0x2134b98, writefds=0x0, exceptfds=0x0, timeout=0x14ec08*(tv_sec=0, tv_usec=0) | out: readfds=0x2134b98, writefds=0x0, exceptfds=0x0) returned 0 [0090.052] EncryptMessage (in: phContext=0x20e9788, fQOP=0x0, pMessage=0x2134fa0, MessageSeqNo=0x0 | out: pMessage=0x2134fa0) returned 0x0 [0090.052] send (s=0x488, buf=0x20f3d90*, len=133, flags=0) returned 133 [0090.053] setsockopt (s=0x488, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0090.053] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.087] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.087] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21351a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21351a8, pfQOP=0x0) returned 0x0 [0090.096] setsockopt (s=0x488, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0090.097] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.097] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.097] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2157840, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2157840, pfQOP=0x0) returned 0x0 [0090.097] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.097] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.098] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2157a20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2157a20, pfQOP=0x0) returned 0x0 [0090.098] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.099] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.099] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2157c00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2157c00, pfQOP=0x0) returned 0x0 [0090.099] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.099] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.099] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2157de0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2157de0, pfQOP=0x0) returned 0x0 [0090.099] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.099] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.099] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2157fc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2157fc0, pfQOP=0x0) returned 0x0 [0090.099] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.100] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.100] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21581a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21581a0, pfQOP=0x0) returned 0x0 [0090.100] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.100] recv (in: s=0x488, buf=0x210173d, len=3008, flags=0 | out: buf=0x210173d*) returned 3008 [0090.100] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158380, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158380, pfQOP=0x0) returned 0x0 [0090.100] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.100] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.100] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158560, pfQOP=0x0) returned 0x0 [0090.100] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.100] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.100] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158740, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158740, pfQOP=0x0) returned 0x0 [0090.100] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.100] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.100] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158920, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158920, pfQOP=0x0) returned 0x0 [0090.101] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.101] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.101] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158b00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158b00, pfQOP=0x0) returned 0x0 [0090.101] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.101] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.101] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158ce0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158ce0, pfQOP=0x0) returned 0x0 [0090.102] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.102] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.102] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2158ec0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2158ec0, pfQOP=0x0) returned 0x0 [0090.103] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.103] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.103] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21590a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21590a0, pfQOP=0x0) returned 0x0 [0090.104] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.104] recv (in: s=0x488, buf=0x210173d, len=3200, flags=0 | out: buf=0x210173d*) returned 3200 [0090.104] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159280, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159280, pfQOP=0x0) returned 0x0 [0090.104] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.105] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.105] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159460, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159460, pfQOP=0x0) returned 0x0 [0090.108] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.108] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.109] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159668, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159668, pfQOP=0x0) returned 0x0 [0090.110] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.110] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.111] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159848, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159848, pfQOP=0x0) returned 0x0 [0090.112] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.112] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.114] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159a28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159a28, pfQOP=0x0) returned 0x0 [0090.114] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.114] recv (in: s=0x488, buf=0x210173d, len=4256, flags=0 | out: buf=0x210173d*) returned 4256 [0090.114] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159c08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159c08, pfQOP=0x0) returned 0x0 [0090.115] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.115] recv (in: s=0x488, buf=0x210173d, len=11648, flags=0 | out: buf=0x210173d*) returned 11648 [0090.115] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2159de8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2159de8, pfQOP=0x0) returned 0x0 [0090.115] recv (in: s=0x488, buf=0x2101738, len=5, flags=0 | out: buf=0x2101738*) returned 5 [0090.115] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.115] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e008, pfQOP=0x0) returned 0x0 [0090.116] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.116] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.116] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e1e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e1e8, pfQOP=0x0) returned 0x0 [0090.121] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.121] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.123] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e3c8, pfQOP=0x0) returned 0x0 [0090.123] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.123] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.124] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e5a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e5a8, pfQOP=0x0) returned 0x0 [0090.124] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.124] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.124] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e788, pfQOP=0x0) returned 0x0 [0090.125] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.125] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.126] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215e968, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215e968, pfQOP=0x0) returned 0x0 [0090.127] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.128] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.132] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215eb48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215eb48, pfQOP=0x0) returned 0x0 [0090.134] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.134] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.134] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215ed50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215ed50, pfQOP=0x0) returned 0x0 [0090.135] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.135] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.135] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215ef30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215ef30, pfQOP=0x0) returned 0x0 [0090.135] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.135] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.136] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215f110, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215f110, pfQOP=0x0) returned 0x0 [0090.136] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.136] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.137] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215f2f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215f2f0, pfQOP=0x0) returned 0x0 [0090.137] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.137] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.138] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215f4d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215f4d0, pfQOP=0x0) returned 0x0 [0090.138] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.138] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.139] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215f6b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215f6b0, pfQOP=0x0) returned 0x0 [0090.140] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.140] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.140] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215f890, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215f890, pfQOP=0x0) returned 0x0 [0090.140] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.140] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.141] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215fa70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215fa70, pfQOP=0x0) returned 0x0 [0090.141] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.141] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.142] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215fc50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215fc50, pfQOP=0x0) returned 0x0 [0090.142] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.142] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.142] DecryptMessage (in: phContext=0x20e9788, pMessage=0x215fe30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x215fe30, pfQOP=0x0) returned 0x0 [0090.143] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.143] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.143] DecryptMessage (in: phContext=0x20e9788, pMessage=0x2160010, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2160010, pfQOP=0x0) returned 0x0 [0090.144] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.144] recv (in: s=0x488, buf=0x2159edd, len=16416, flags=0 | out: buf=0x2159edd*) returned 16416 [0090.145] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21601f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21601f0, pfQOP=0x0) returned 0x0 [0090.145] recv (in: s=0x488, buf=0x2159ed8, len=5, flags=0 | out: buf=0x2159ed8*) returned 5 [0090.145] recv (in: s=0x488, buf=0x2159edd, len=5168, flags=0 | out: buf=0x2159edd*) returned 5168 [0090.146] DecryptMessage (in: phContext=0x20e9788, pMessage=0x21603d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21603d0, pfQOP=0x0) returned 0x0 [0090.146] SetEvent (hEvent=0x27c) returned 1 [0092.286] CoTaskMemAlloc (cb=0x8) returned 0x569d80 [0092.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32.dll", cchWideChar=12, lpMultiByteStr=0x14b550, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32.dllÿÿÿÿ@µ\x14", lpUsedDefaultChar=0x0) returned 12 [0092.498] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x7ffc5ecd0000 [0092.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualProtect", cchWideChar=14, lpMultiByteStr=0x14b5a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualProtectÿÿ\x90µ\x14", lpUsedDefaultChar=0x0) returned 14 [0092.510] GetProcAddress (hModule=0x7ffc5ecd0000, lpProcName="VirtualProtect") returned 0x7ffc5ecf3a90 [0092.537] VirtualProtect (in: lpAddress=0x660274, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.540] VirtualProtect (in: lpAddress=0x660274, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.541] VirtualProtect (in: lpAddress=0x660340, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.541] VirtualProtect (in: lpAddress=0x660340, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.541] VirtualProtect (in: lpAddress=0x66050c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.541] VirtualProtect (in: lpAddress=0x66050c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.541] VirtualProtect (in: lpAddress=0x66051c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.542] VirtualProtect (in: lpAddress=0x66051c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.542] VirtualProtect (in: lpAddress=0x66052c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.542] VirtualProtect (in: lpAddress=0x66052c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.542] VirtualProtect (in: lpAddress=0x66053c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.542] VirtualProtect (in: lpAddress=0x66053c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.543] VirtualProtect (in: lpAddress=0x66057c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.543] VirtualProtect (in: lpAddress=0x66057c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.543] VirtualProtect (in: lpAddress=0x66058c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.543] VirtualProtect (in: lpAddress=0x66058c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.544] VirtualProtect (in: lpAddress=0x66059c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.544] VirtualProtect (in: lpAddress=0x66059c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.544] VirtualProtect (in: lpAddress=0x6605ac, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.544] VirtualProtect (in: lpAddress=0x6605ac, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.544] VirtualProtect (in: lpAddress=0x6605bc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.545] VirtualProtect (in: lpAddress=0x6605bc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.545] VirtualProtect (in: lpAddress=0x6605cc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.545] VirtualProtect (in: lpAddress=0x6605cc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.545] VirtualProtect (in: lpAddress=0x6605dc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.545] VirtualProtect (in: lpAddress=0x6605dc, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.546] VirtualProtect (in: lpAddress=0x6606a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.546] VirtualProtect (in: lpAddress=0x6606a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.546] VirtualProtect (in: lpAddress=0x6606b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.546] VirtualProtect (in: lpAddress=0x6606b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.546] VirtualProtect (in: lpAddress=0x660768, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.547] VirtualProtect (in: lpAddress=0x660768, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.547] VirtualProtect (in: lpAddress=0x660770, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.547] VirtualProtect (in: lpAddress=0x660770, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.547] VirtualProtect (in: lpAddress=0x660778, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.547] VirtualProtect (in: lpAddress=0x660778, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.548] VirtualProtect (in: lpAddress=0x660790, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.548] VirtualProtect (in: lpAddress=0x660790, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.548] VirtualProtect (in: lpAddress=0x660798, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.548] VirtualProtect (in: lpAddress=0x660798, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.549] VirtualProtect (in: lpAddress=0x6607b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.549] VirtualProtect (in: lpAddress=0x6607b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.549] VirtualProtect (in: lpAddress=0x6607b8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.549] VirtualProtect (in: lpAddress=0x6607b8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.549] VirtualProtect (in: lpAddress=0x6607d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.550] VirtualProtect (in: lpAddress=0x6607d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.550] VirtualProtect (in: lpAddress=0x6607d8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.550] VirtualProtect (in: lpAddress=0x6607d8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.550] VirtualProtect (in: lpAddress=0x6607f8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.551] VirtualProtect (in: lpAddress=0x6607f8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.551] VirtualProtect (in: lpAddress=0x660808, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.551] VirtualProtect (in: lpAddress=0x660808, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.551] VirtualProtect (in: lpAddress=0x660818, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.551] VirtualProtect (in: lpAddress=0x660818, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.552] VirtualProtect (in: lpAddress=0x660828, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.552] VirtualProtect (in: lpAddress=0x660828, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.552] VirtualProtect (in: lpAddress=0x660838, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.552] VirtualProtect (in: lpAddress=0x660838, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.552] VirtualProtect (in: lpAddress=0x660848, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.553] VirtualProtect (in: lpAddress=0x660848, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.553] VirtualProtect (in: lpAddress=0x660858, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.553] VirtualProtect (in: lpAddress=0x660858, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.553] VirtualProtect (in: lpAddress=0x66092c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.553] VirtualProtect (in: lpAddress=0x66092c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.554] VirtualProtect (in: lpAddress=0x66093c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.554] VirtualProtect (in: lpAddress=0x66093c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.554] VirtualProtect (in: lpAddress=0x660d2c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.554] VirtualProtect (in: lpAddress=0x660d2c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.554] VirtualProtect (in: lpAddress=0x660d3c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.555] VirtualProtect (in: lpAddress=0x660d3c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.555] VirtualProtect (in: lpAddress=0x660d44, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.555] VirtualProtect (in: lpAddress=0x660d44, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.555] VirtualProtect (in: lpAddress=0x660d4c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.555] VirtualProtect (in: lpAddress=0x660d4c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.556] VirtualProtect (in: lpAddress=0x660d7c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.556] VirtualProtect (in: lpAddress=0x660d7c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.556] VirtualProtect (in: lpAddress=0x660d8c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.556] VirtualProtect (in: lpAddress=0x660d8c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.556] VirtualProtect (in: lpAddress=0x660d94, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.557] VirtualProtect (in: lpAddress=0x660d94, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.557] VirtualProtect (in: lpAddress=0x660d9c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.557] VirtualProtect (in: lpAddress=0x660d9c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.557] VirtualProtect (in: lpAddress=0x660dc8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.557] VirtualProtect (in: lpAddress=0x660dc8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.558] VirtualProtect (in: lpAddress=0x660dd8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.558] VirtualProtect (in: lpAddress=0x660dd8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.558] VirtualProtect (in: lpAddress=0x660f70, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.558] VirtualProtect (in: lpAddress=0x660f70, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.559] VirtualProtect (in: lpAddress=0x660f80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.559] VirtualProtect (in: lpAddress=0x660f80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.559] VirtualProtect (in: lpAddress=0x660f90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.559] VirtualProtect (in: lpAddress=0x660f90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.559] VirtualProtect (in: lpAddress=0x661100, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.560] VirtualProtect (in: lpAddress=0x661100, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.560] VirtualProtect (in: lpAddress=0x661110, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.560] VirtualProtect (in: lpAddress=0x661110, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.560] VirtualProtect (in: lpAddress=0x661150, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.561] VirtualProtect (in: lpAddress=0x661150, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.561] VirtualProtect (in: lpAddress=0x66122c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.562] VirtualProtect (in: lpAddress=0x66122c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.562] VirtualProtect (in: lpAddress=0x661234, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.562] VirtualProtect (in: lpAddress=0x661234, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.562] VirtualProtect (in: lpAddress=0x661270, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.562] VirtualProtect (in: lpAddress=0x661270, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.563] VirtualProtect (in: lpAddress=0x661280, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.563] VirtualProtect (in: lpAddress=0x661280, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.563] VirtualProtect (in: lpAddress=0x661290, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.563] VirtualProtect (in: lpAddress=0x661290, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.563] VirtualProtect (in: lpAddress=0x6612a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.564] VirtualProtect (in: lpAddress=0x6612a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.564] VirtualProtect (in: lpAddress=0x6613c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.564] VirtualProtect (in: lpAddress=0x6613c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.564] VirtualProtect (in: lpAddress=0x6613e0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.564] VirtualProtect (in: lpAddress=0x6613e0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.565] VirtualProtect (in: lpAddress=0x661420, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.565] VirtualProtect (in: lpAddress=0x661420, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.565] VirtualProtect (in: lpAddress=0x661438, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.565] VirtualProtect (in: lpAddress=0x661438, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.565] VirtualProtect (in: lpAddress=0x66144c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.566] VirtualProtect (in: lpAddress=0x66144c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.566] VirtualProtect (in: lpAddress=0x66145c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.566] VirtualProtect (in: lpAddress=0x66145c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.566] VirtualProtect (in: lpAddress=0x66146c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x66146c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x661560, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x661560, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x661620, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x661620, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.567] VirtualProtect (in: lpAddress=0x661630, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.568] VirtualProtect (in: lpAddress=0x661630, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.568] VirtualProtect (in: lpAddress=0x661640, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.568] VirtualProtect (in: lpAddress=0x661640, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.568] VirtualProtect (in: lpAddress=0x661650, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.569] VirtualProtect (in: lpAddress=0x661650, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.569] VirtualProtect (in: lpAddress=0x661668, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.569] VirtualProtect (in: lpAddress=0x661668, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.569] VirtualProtect (in: lpAddress=0x661678, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.570] VirtualProtect (in: lpAddress=0x661678, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.570] VirtualProtect (in: lpAddress=0x661688, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.570] VirtualProtect (in: lpAddress=0x661688, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.570] VirtualProtect (in: lpAddress=0x661698, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.571] VirtualProtect (in: lpAddress=0x661698, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.571] VirtualProtect (in: lpAddress=0x6616a8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.571] VirtualProtect (in: lpAddress=0x6616a8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.571] VirtualProtect (in: lpAddress=0x6616c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.571] VirtualProtect (in: lpAddress=0x6616c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.572] VirtualProtect (in: lpAddress=0x6616d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.572] VirtualProtect (in: lpAddress=0x6616d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.572] VirtualProtect (in: lpAddress=0x6616e0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.572] VirtualProtect (in: lpAddress=0x6616e0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.572] VirtualProtect (in: lpAddress=0x6616f0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.573] VirtualProtect (in: lpAddress=0x6616f0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.573] VirtualProtect (in: lpAddress=0x661828, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.573] VirtualProtect (in: lpAddress=0x661828, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.573] VirtualProtect (in: lpAddress=0x661838, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.573] VirtualProtect (in: lpAddress=0x661838, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.574] VirtualProtect (in: lpAddress=0x661848, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.574] VirtualProtect (in: lpAddress=0x661848, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.574] VirtualProtect (in: lpAddress=0x661858, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.574] VirtualProtect (in: lpAddress=0x661858, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.574] VirtualProtect (in: lpAddress=0x661868, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.575] VirtualProtect (in: lpAddress=0x661868, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.575] VirtualProtect (in: lpAddress=0x661878, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.575] VirtualProtect (in: lpAddress=0x661878, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.575] VirtualProtect (in: lpAddress=0x661888, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.575] VirtualProtect (in: lpAddress=0x661888, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.576] VirtualProtect (in: lpAddress=0x661898, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.576] VirtualProtect (in: lpAddress=0x661898, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.576] VirtualProtect (in: lpAddress=0x6618a8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.576] VirtualProtect (in: lpAddress=0x6618a8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.576] VirtualProtect (in: lpAddress=0x6618b8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.577] VirtualProtect (in: lpAddress=0x6618b8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.577] VirtualProtect (in: lpAddress=0x6618c8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.577] VirtualProtect (in: lpAddress=0x6618c8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.577] VirtualProtect (in: lpAddress=0x6618d8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.577] VirtualProtect (in: lpAddress=0x6618d8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.578] VirtualProtect (in: lpAddress=0x6618e8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.578] VirtualProtect (in: lpAddress=0x6618e8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.578] VirtualProtect (in: lpAddress=0x6618f8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.578] VirtualProtect (in: lpAddress=0x6618f8, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.579] VirtualProtect (in: lpAddress=0x661908, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.579] VirtualProtect (in: lpAddress=0x661908, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.579] VirtualProtect (in: lpAddress=0x661918, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.579] VirtualProtect (in: lpAddress=0x661918, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.579] VirtualProtect (in: lpAddress=0x661928, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.580] VirtualProtect (in: lpAddress=0x661928, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.580] VirtualProtect (in: lpAddress=0x661938, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.580] VirtualProtect (in: lpAddress=0x661938, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.580] VirtualProtect (in: lpAddress=0x661948, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661948, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661958, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661958, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661968, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661968, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.581] VirtualProtect (in: lpAddress=0x661978, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.582] VirtualProtect (in: lpAddress=0x661978, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.582] VirtualProtect (in: lpAddress=0x661990, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.582] VirtualProtect (in: lpAddress=0x661990, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.582] VirtualProtect (in: lpAddress=0x6619a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.583] VirtualProtect (in: lpAddress=0x6619a0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.583] VirtualProtect (in: lpAddress=0x6619b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.583] VirtualProtect (in: lpAddress=0x6619b0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.583] VirtualProtect (in: lpAddress=0x6619c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.584] VirtualProtect (in: lpAddress=0x6619c0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.584] VirtualProtect (in: lpAddress=0x6619d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.584] VirtualProtect (in: lpAddress=0x6619d0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.584] VirtualProtect (in: lpAddress=0x6619f0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.585] VirtualProtect (in: lpAddress=0x6619f0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.585] VirtualProtect (in: lpAddress=0x661a00, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.585] VirtualProtect (in: lpAddress=0x661a00, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.585] VirtualProtect (in: lpAddress=0x661a10, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.586] VirtualProtect (in: lpAddress=0x661a10, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.586] VirtualProtect (in: lpAddress=0x661a20, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.586] VirtualProtect (in: lpAddress=0x661a20, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.586] VirtualProtect (in: lpAddress=0x661a30, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.586] VirtualProtect (in: lpAddress=0x661a30, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.587] VirtualProtect (in: lpAddress=0x661a40, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.587] VirtualProtect (in: lpAddress=0x661a40, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.587] VirtualProtect (in: lpAddress=0x661a50, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.587] VirtualProtect (in: lpAddress=0x661a50, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.587] VirtualProtect (in: lpAddress=0x661a60, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.588] VirtualProtect (in: lpAddress=0x661a60, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.588] VirtualProtect (in: lpAddress=0x661a70, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.588] VirtualProtect (in: lpAddress=0x661a70, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.588] VirtualProtect (in: lpAddress=0x661a80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.589] VirtualProtect (in: lpAddress=0x661a80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.589] VirtualProtect (in: lpAddress=0x661a90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.589] VirtualProtect (in: lpAddress=0x661a90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.589] VirtualProtect (in: lpAddress=0x661cf0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.589] VirtualProtect (in: lpAddress=0x661cf0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.590] VirtualProtect (in: lpAddress=0x661d00, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.590] VirtualProtect (in: lpAddress=0x661d00, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.590] VirtualProtect (in: lpAddress=0x661d10, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.590] VirtualProtect (in: lpAddress=0x661d10, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.591] VirtualProtect (in: lpAddress=0x661d20, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.591] VirtualProtect (in: lpAddress=0x661d20, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.591] VirtualProtect (in: lpAddress=0x661d38, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.591] VirtualProtect (in: lpAddress=0x661d38, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.591] VirtualProtect (in: lpAddress=0x661d48, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d48, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d58, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d58, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d68, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d68, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.592] VirtualProtect (in: lpAddress=0x661d80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.593] VirtualProtect (in: lpAddress=0x661d80, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.593] VirtualProtect (in: lpAddress=0x661d90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.593] VirtualProtect (in: lpAddress=0x661d90, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.593] VirtualProtect (in: lpAddress=0x661da0, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x14d208 | out: lpflOldProtect=0x14d208*=0x4) returned 1 [0092.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="mscorjit.dll", cchWideChar=12, lpMultiByteStr=0x14b650, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscorjit.dll", lpUsedDefaultChar=0x0) returned 12 [0092.649] LoadLibraryA (lpLibFileName="mscorjit.dll") returned 0x0 [0092.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="clrjit.dll", cchWideChar=10, lpMultiByteStr=0x14b650, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clrjit.dll\x1a\x02", lpUsedDefaultChar=0x0) returned 10 [0092.653] LoadLibraryA (lpLibFileName="clrjit.dll") returned 0x7ffc3ef80000 [0092.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="getJit", cchWideChar=6, lpMultiByteStr=0x14b650, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="getJit", lpUsedDefaultChar=0x0) returned 6 [0092.653] GetProcAddress (hModule=0x7ffc3ef80000, lpProcName="getJit") returned 0x7ffc3f012ec4 [0092.757] GetCurrentProcessId () returned 0x13e0 [0092.791] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14a7b0 | out: lpLuid=0x14a7b0*(LowPart=0x14, HighPart=0)) returned 1 [0092.793] GetCurrentProcess () returned 0xffffffffffffffff [0092.793] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14a7a8 | out: TokenHandle=0x14a7a8*=0x5b0) returned 1 [0092.793] AdjustTokenPrivileges (in: TokenHandle=0x5b0, DisableAllPrivileges=0, NewState=0x21b05a0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0092.793] CloseHandle (hObject=0x5b0) returned 1 [0092.800] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x5b0 [0092.901] EnumProcessModules (in: hProcess=0x5b0, lphModule=0x21b13d0, cb=0x200, lpcbNeeded=0x14b628 | out: lphModule=0x21b13d0, lpcbNeeded=0x14b628) returned 1 [0092.903] GetModuleInformation (in: hProcess=0x5b0, hModule=0x400000, lpmodinfo=0x21b1640, cb=0x18 | out: lpmodinfo=0x21b1640*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0092.904] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.904] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x400000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0092.904] CoTaskMemFree (pv=0x58ae90) [0092.904] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.904] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x400000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0092.905] CoTaskMemFree (pv=0x58ae90) [0092.905] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5f810000, lpmodinfo=0x21b3958, cb=0x18 | out: lpmodinfo=0x21b3958*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0092.905] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.905] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5f810000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0092.905] CoTaskMemFree (pv=0x58ae90) [0092.905] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.905] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5f810000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0092.906] CoTaskMemFree (pv=0x58ae90) [0092.906] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc45030000, lpmodinfo=0x21b5b00, cb=0x18 | out: lpmodinfo=0x21b5b00*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0092.906] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.906] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc45030000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0092.906] CoTaskMemFree (pv=0x58ae90) [0092.906] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.906] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc45030000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0092.907] CoTaskMemFree (pv=0x58ae90) [0092.907] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5ecd0000, lpmodinfo=0x21b7ca8, cb=0x18 | out: lpmodinfo=0x21b7ca8*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0092.907] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.907] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5ecd0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0092.907] CoTaskMemFree (pv=0x58ae90) [0092.907] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.907] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5ecd0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0092.908] CoTaskMemFree (pv=0x58ae90) [0092.908] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5bfa0000, lpmodinfo=0x21b9e60, cb=0x18 | out: lpmodinfo=0x21b9e60*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0092.908] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.908] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5bfa0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0092.908] CoTaskMemFree (pv=0x58ae90) [0092.908] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.908] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5bfa0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0092.909] CoTaskMemFree (pv=0x58ae90) [0092.909] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5a2e0000, lpmodinfo=0x21bc070, cb=0x18 | out: lpmodinfo=0x21bc070*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0092.909] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.909] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5a2e0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0092.909] CoTaskMemFree (pv=0x58ae90) [0092.909] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.909] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5a2e0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0092.910] CoTaskMemFree (pv=0x58ae90) [0092.910] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5ec20000, lpmodinfo=0x21be218, cb=0x18 | out: lpmodinfo=0x21be218*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0092.910] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.910] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5ec20000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0092.911] CoTaskMemFree (pv=0x58ae90) [0092.911] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.911] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5ec20000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0092.911] CoTaskMemFree (pv=0x58ae90) [0092.911] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e850000, lpmodinfo=0x21c03d0, cb=0x18 | out: lpmodinfo=0x21c03d0*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0092.912] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.912] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e850000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0092.912] CoTaskMemFree (pv=0x58ae90) [0092.913] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.913] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e850000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0092.913] CoTaskMemFree (pv=0x58ae90) [0092.913] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e8f0000, lpmodinfo=0x21c2578, cb=0x18 | out: lpmodinfo=0x21c2578*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0092.913] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.913] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e8f0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0092.914] CoTaskMemFree (pv=0x58ae90) [0092.914] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.914] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e8f0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0092.914] CoTaskMemFree (pv=0x58ae90) [0092.914] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e2b0000, lpmodinfo=0x21c47b8, cb=0x18 | out: lpmodinfo=0x21c47b8*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0092.914] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.914] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e2b0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0092.915] CoTaskMemFree (pv=0x58ae90) [0092.915] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.915] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e2b0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0092.915] CoTaskMemFree (pv=0x58ae90) [0092.915] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc44ec0000, lpmodinfo=0x21c6960, cb=0x18 | out: lpmodinfo=0x21c6960*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0092.915] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.915] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc44ec0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0092.916] CoTaskMemFree (pv=0x58ae90) [0092.916] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.916] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc44ec0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0092.916] CoTaskMemFree (pv=0x58ae90) [0092.916] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e7b0000, lpmodinfo=0x21c8b50, cb=0x18 | out: lpmodinfo=0x21c8b50*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0092.916] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.916] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e7b0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0092.917] CoTaskMemFree (pv=0x58ae90) [0092.917] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.917] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e7b0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0092.917] CoTaskMemFree (pv=0x58ae90) [0092.917] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5f2c0000, lpmodinfo=0x21cacf8, cb=0x18 | out: lpmodinfo=0x21cacf8*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0092.917] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.917] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5f2c0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0092.918] CoTaskMemFree (pv=0x58ae90) [0092.918] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.918] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5f2c0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0092.918] CoTaskMemFree (pv=0x58ae90) [0092.918] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5cac0000, lpmodinfo=0x21ccea0, cb=0x18 | out: lpmodinfo=0x21ccea0*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0092.919] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.919] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5cac0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0092.919] CoTaskMemFree (pv=0x58ae90) [0092.919] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.919] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5cac0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0092.919] CoTaskMemFree (pv=0x58ae90) [0092.919] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5f540000, lpmodinfo=0x21cf078, cb=0x18 | out: lpmodinfo=0x21cf078*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0092.920] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.920] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5f540000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0092.920] CoTaskMemFree (pv=0x58ae90) [0092.920] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.920] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5f540000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0092.921] CoTaskMemFree (pv=0x58ae90) [0092.921] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e960000, lpmodinfo=0x21d1220, cb=0x18 | out: lpmodinfo=0x21d1220*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0092.921] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.921] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e960000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0092.959] CoTaskMemFree (pv=0x58ae90) [0092.959] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.959] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e960000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0092.959] CoTaskMemFree (pv=0x58ae90) [0092.959] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e810000, lpmodinfo=0x21d33c8, cb=0x18 | out: lpmodinfo=0x21d33c8*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0092.960] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.960] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e810000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0092.960] CoTaskMemFree (pv=0x58ae90) [0092.960] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.960] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e810000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0092.961] CoTaskMemFree (pv=0x58ae90) [0092.961] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5be50000, lpmodinfo=0x21d5688, cb=0x18 | out: lpmodinfo=0x21d5688*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0092.961] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.961] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5be50000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0092.962] CoTaskMemFree (pv=0x58ae90) [0092.962] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.962] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5be50000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0092.962] CoTaskMemFree (pv=0x58ae90) [0092.962] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc51300000, lpmodinfo=0x21d7850, cb=0x18 | out: lpmodinfo=0x21d7850*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0092.962] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.962] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc51300000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0092.963] CoTaskMemFree (pv=0x58ae90) [0092.963] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.963] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc51300000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0092.963] CoTaskMemFree (pv=0x58ae90) [0092.963] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc40790000, lpmodinfo=0x21d99f8, cb=0x18 | out: lpmodinfo=0x21d99f8*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0092.964] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.964] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc40790000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0092.964] CoTaskMemFree (pv=0x58ae90) [0092.964] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.964] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc40790000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0092.965] CoTaskMemFree (pv=0x58ae90) [0092.965] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc40690000, lpmodinfo=0x21dbbc8, cb=0x18 | out: lpmodinfo=0x21dbbc8*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0092.965] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.965] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc40690000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0092.965] CoTaskMemFree (pv=0x58ae90) [0092.965] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.965] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc40690000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0092.966] CoTaskMemFree (pv=0x58ae90) [0092.966] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3f1c0000, lpmodinfo=0x21ddda0, cb=0x18 | out: lpmodinfo=0x21ddda0*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0092.966] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.966] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3f1c0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0092.967] CoTaskMemFree (pv=0x58ae90) [0092.967] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.967] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3f1c0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0092.968] CoTaskMemFree (pv=0x58ae90) [0092.968] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e3e0000, lpmodinfo=0x21dffe8, cb=0x18 | out: lpmodinfo=0x21dffe8*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0092.968] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.968] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e3e0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0092.969] CoTaskMemFree (pv=0x58ae90) [0092.974] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.974] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e3e0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0092.975] CoTaskMemFree (pv=0x58ae90) [0092.975] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3ef80000, lpmodinfo=0x21e2190, cb=0x18 | out: lpmodinfo=0x21e2190*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0092.976] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.976] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3ef80000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0092.976] CoTaskMemFree (pv=0x58ae90) [0092.976] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.976] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3ef80000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0092.977] CoTaskMemFree (pv=0x58ae90) [0092.977] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e1e0000, lpmodinfo=0x21e4370, cb=0x18 | out: lpmodinfo=0x21e4370*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0092.977] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.978] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e1e0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0092.978] CoTaskMemFree (pv=0x58ae90) [0092.978] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.978] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e1e0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0092.979] CoTaskMemFree (pv=0x58ae90) [0092.979] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3e360000, lpmodinfo=0x21e6528, cb=0x18 | out: lpmodinfo=0x21e6528*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0092.979] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.979] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3e360000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0092.980] CoTaskMemFree (pv=0x58ae90) [0092.980] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.980] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3e360000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0092.980] CoTaskMemFree (pv=0x58ae90) [0092.980] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3d9d0000, lpmodinfo=0x21e8768, cb=0x18 | out: lpmodinfo=0x21e8768*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0092.981] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.981] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3d9d0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0092.981] CoTaskMemFree (pv=0x58ae90) [0092.981] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.981] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3d9d0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0092.982] CoTaskMemFree (pv=0x58ae90) [0092.982] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3f0a0000, lpmodinfo=0x21ea9c0, cb=0x18 | out: lpmodinfo=0x21ea9c0*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0092.982] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.982] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3f0a0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0092.983] CoTaskMemFree (pv=0x58ae90) [0092.983] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.983] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3f0a0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0092.984] CoTaskMemFree (pv=0x58ae90) [0092.984] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3d130000, lpmodinfo=0x21ecc50, cb=0x18 | out: lpmodinfo=0x21ecc50*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0092.984] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.984] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3d130000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0092.985] CoTaskMemFree (pv=0x58ae90) [0092.985] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.985] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3d130000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0092.985] CoTaskMemFree (pv=0x58ae90) [0092.985] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc44f70000, lpmodinfo=0x21eeea8, cb=0x18 | out: lpmodinfo=0x21eeea8*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0092.986] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.986] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc44f70000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0092.987] CoTaskMemFree (pv=0x58ae90) [0092.987] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.987] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc44f70000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0092.987] CoTaskMemFree (pv=0x58ae90) [0092.987] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc470f0000, lpmodinfo=0x21f1060, cb=0x18 | out: lpmodinfo=0x21f1060*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0092.988] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.988] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc470f0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0092.989] CoTaskMemFree (pv=0x58ae90) [0092.989] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.989] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc470f0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0092.990] CoTaskMemFree (pv=0x58ae90) [0092.990] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc54b40000, lpmodinfo=0x21f3208, cb=0x18 | out: lpmodinfo=0x21f3208*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0092.991] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.991] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc54b40000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0092.991] CoTaskMemFree (pv=0x58ae90) [0092.991] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.991] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc54b40000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0092.992] CoTaskMemFree (pv=0x58ae90) [0092.992] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e740000, lpmodinfo=0x21f53b0, cb=0x18 | out: lpmodinfo=0x21f53b0*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0092.993] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.993] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e740000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0092.994] CoTaskMemFree (pv=0x58ae90) [0092.994] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.994] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e740000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0092.994] CoTaskMemFree (pv=0x58ae90) [0092.994] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5b700000, lpmodinfo=0x21f7770, cb=0x18 | out: lpmodinfo=0x21f7770*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0092.995] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.995] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5b700000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0092.995] CoTaskMemFree (pv=0x58ae90) [0092.995] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.995] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5b700000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0092.996] CoTaskMemFree (pv=0x58ae90) [0092.996] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc57e70000, lpmodinfo=0x21f9918, cb=0x18 | out: lpmodinfo=0x21f9918*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0092.998] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.998] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc57e70000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0092.998] CoTaskMemFree (pv=0x58ae90) [0092.998] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0092.999] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc57e70000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0092.999] CoTaskMemFree (pv=0x58ae90) [0092.999] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc54160000, lpmodinfo=0x21fbac0, cb=0x18 | out: lpmodinfo=0x21fbac0*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0093.000] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.000] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc54160000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0093.001] CoTaskMemFree (pv=0x58ae90) [0093.001] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.001] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc54160000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0093.001] CoTaskMemFree (pv=0x58ae90) [0093.001] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc55820000, lpmodinfo=0x21fdca8, cb=0x18 | out: lpmodinfo=0x21fdca8*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0093.002] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.002] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc55820000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0093.003] CoTaskMemFree (pv=0x58ae90) [0093.003] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.003] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc55820000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0093.003] CoTaskMemFree (pv=0x58ae90) [0093.003] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5e950000, lpmodinfo=0x21ffe60, cb=0x18 | out: lpmodinfo=0x21ffe60*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0093.004] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.004] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5e950000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0093.005] CoTaskMemFree (pv=0x58ae90) [0093.005] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.005] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5e950000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0093.006] CoTaskMemFree (pv=0x58ae90) [0093.006] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc55190000, lpmodinfo=0x2201ff8, cb=0x18 | out: lpmodinfo=0x2201ff8*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0093.006] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.007] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc55190000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0093.007] CoTaskMemFree (pv=0x58ae90) [0093.007] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.007] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc55190000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0093.008] CoTaskMemFree (pv=0x58ae90) [0093.008] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc54b20000, lpmodinfo=0x22041b0, cb=0x18 | out: lpmodinfo=0x22041b0*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0093.009] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.009] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc54b20000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0093.009] CoTaskMemFree (pv=0x58ae90) [0093.009] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.010] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc54b20000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0093.010] CoTaskMemFree (pv=0x58ae90) [0093.010] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5cc80000, lpmodinfo=0x2206368, cb=0x18 | out: lpmodinfo=0x2206368*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0093.011] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.011] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5cc80000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0093.012] CoTaskMemFree (pv=0x58ae90) [0093.012] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.012] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5cc80000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0093.012] CoTaskMemFree (pv=0x58ae90) [0093.013] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5bec0000, lpmodinfo=0x2208510, cb=0x18 | out: lpmodinfo=0x2208510*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0093.013] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.013] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5bec0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0093.014] CoTaskMemFree (pv=0x58ae90) [0093.021] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.021] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5bec0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0093.022] CoTaskMemFree (pv=0x58ae90) [0093.022] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5c3c0000, lpmodinfo=0x220a6c8, cb=0x18 | out: lpmodinfo=0x220a6c8*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0093.023] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.023] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5c3c0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0093.024] CoTaskMemFree (pv=0x58ae90) [0093.024] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.024] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5c3c0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0093.025] CoTaskMemFree (pv=0x58ae90) [0093.025] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5cb50000, lpmodinfo=0x220c890, cb=0x18 | out: lpmodinfo=0x220c890*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0093.025] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.025] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5cb50000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0093.026] CoTaskMemFree (pv=0x58ae90) [0093.026] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.026] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5cb50000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0093.027] CoTaskMemFree (pv=0x58ae90) [0093.027] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5be70000, lpmodinfo=0x220ea38, cb=0x18 | out: lpmodinfo=0x220ea38*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0093.028] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.028] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5be70000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0093.029] CoTaskMemFree (pv=0x58ae90) [0093.029] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.029] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5be70000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0093.030] CoTaskMemFree (pv=0x58ae90) [0093.030] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5be30000, lpmodinfo=0x2210bf0, cb=0x18 | out: lpmodinfo=0x2210bf0*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0093.031] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.031] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5be30000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0093.033] CoTaskMemFree (pv=0x58ae90) [0093.033] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.033] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5be30000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0093.034] CoTaskMemFree (pv=0x58ae90) [0093.034] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5a8a0000, lpmodinfo=0x2212d98, cb=0x18 | out: lpmodinfo=0x2212d98*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0093.035] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.035] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5a8a0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0093.036] CoTaskMemFree (pv=0x58ae90) [0093.036] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.036] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5a8a0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0093.037] CoTaskMemFree (pv=0x58ae90) [0093.037] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc55860000, lpmodinfo=0x2214f40, cb=0x18 | out: lpmodinfo=0x2214f40*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0093.038] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.038] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc55860000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0093.039] CoTaskMemFree (pv=0x58ae90) [0093.039] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.039] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc55860000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0093.040] CoTaskMemFree (pv=0x58ae90) [0093.040] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc538e0000, lpmodinfo=0x22170e8, cb=0x18 | out: lpmodinfo=0x22170e8*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0093.041] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.041] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc538e0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0093.042] CoTaskMemFree (pv=0x58ae90) [0093.042] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.042] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc538e0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0093.044] CoTaskMemFree (pv=0x58ae90) [0093.044] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc54680000, lpmodinfo=0x22192a0, cb=0x18 | out: lpmodinfo=0x22192a0*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0093.045] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.045] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc54680000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0093.046] CoTaskMemFree (pv=0x58ae90) [0093.046] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.046] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc54680000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0093.047] CoTaskMemFree (pv=0x58ae90) [0093.047] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5bcc0000, lpmodinfo=0x221b458, cb=0x18 | out: lpmodinfo=0x221b458*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0093.047] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.048] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5bcc0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0093.048] CoTaskMemFree (pv=0x58ae90) [0093.048] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.048] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5bcc0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0093.049] CoTaskMemFree (pv=0x58ae90) [0093.049] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc4f220000, lpmodinfo=0x221d600, cb=0x18 | out: lpmodinfo=0x221d600*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0093.050] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.050] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc4f220000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0093.051] CoTaskMemFree (pv=0x58ae90) [0093.051] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.051] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc4f220000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0093.052] CoTaskMemFree (pv=0x58ae90) [0093.052] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5bab0000, lpmodinfo=0x221f7a8, cb=0x18 | out: lpmodinfo=0x221f7a8*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0093.053] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.053] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5bab0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0093.054] CoTaskMemFree (pv=0x58ae90) [0093.054] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.054] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5bab0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0093.055] CoTaskMemFree (pv=0x58ae90) [0093.055] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5b380000, lpmodinfo=0x2221950, cb=0x18 | out: lpmodinfo=0x2221950*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0093.056] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.056] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5b380000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0093.057] CoTaskMemFree (pv=0x58ae90) [0093.057] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.057] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5b380000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0093.058] CoTaskMemFree (pv=0x58ae90) [0093.058] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5c190000, lpmodinfo=0x2223b08, cb=0x18 | out: lpmodinfo=0x2223b08*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0093.059] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.059] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5c190000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0093.059] CoTaskMemFree (pv=0x58ae90) [0093.059] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.060] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5c190000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0093.060] CoTaskMemFree (pv=0x58ae90) [0093.060] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5be60000, lpmodinfo=0x2225cb0, cb=0x18 | out: lpmodinfo=0x2225cb0*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0093.063] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.063] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5be60000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0093.064] CoTaskMemFree (pv=0x58ae90) [0093.064] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.064] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5be60000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0093.065] CoTaskMemFree (pv=0x58ae90) [0093.065] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc4bd50000, lpmodinfo=0x2227e58, cb=0x18 | out: lpmodinfo=0x2227e58*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0093.067] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.067] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc4bd50000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0093.068] CoTaskMemFree (pv=0x58ae90) [0093.068] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.068] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc4bd50000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0093.069] CoTaskMemFree (pv=0x58ae90) [0093.069] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5b9a0000, lpmodinfo=0x222a020, cb=0x18 | out: lpmodinfo=0x222a020*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0093.069] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.069] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5b9a0000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0093.070] CoTaskMemFree (pv=0x58ae90) [0093.070] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.070] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5b9a0000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0093.072] CoTaskMemFree (pv=0x58ae90) [0093.072] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5b960000, lpmodinfo=0x222c1c8, cb=0x18 | out: lpmodinfo=0x222c1c8*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0093.072] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.072] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5b960000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0093.073] CoTaskMemFree (pv=0x58ae90) [0093.074] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.074] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5b960000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0093.074] CoTaskMemFree (pv=0x58ae90) [0093.075] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc4be00000, lpmodinfo=0x222e370, cb=0x18 | out: lpmodinfo=0x222e370*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0093.075] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.075] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc4be00000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0093.076] CoTaskMemFree (pv=0x58ae90) [0093.092] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.092] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc4be00000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0093.093] CoTaskMemFree (pv=0x58ae90) [0093.093] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3cf40000, lpmodinfo=0x2230528, cb=0x18 | out: lpmodinfo=0x2230528*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0093.094] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.094] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3cf40000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0093.096] CoTaskMemFree (pv=0x58ae90) [0093.096] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.096] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3cf40000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0093.097] CoTaskMemFree (pv=0x58ae90) [0093.097] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc3c050000, lpmodinfo=0x2232798, cb=0x18 | out: lpmodinfo=0x2232798*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0093.098] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.098] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc3c050000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0093.099] CoTaskMemFree (pv=0x58ae90) [0093.099] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.099] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc3c050000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0093.100] CoTaskMemFree (pv=0x58ae90) [0093.100] GetModuleInformation (in: hProcess=0x5b0, hModule=0x7ffc5cc70000, lpmodinfo=0x2234a28, cb=0x18 | out: lpmodinfo=0x2234a28*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0093.102] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.102] GetModuleBaseNameW (in: hProcess=0x5b0, hModule=0x7ffc5cc70000, lpBaseName=0x58ae90, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0093.103] CoTaskMemFree (pv=0x58ae90) [0093.103] CoTaskMemAlloc (cb=0x804) returned 0x58ae90 [0093.103] GetModuleFileNameExW (in: hProcess=0x5b0, hModule=0x7ffc5cc70000, lpFilename=0x58ae90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0093.104] CoTaskMemFree (pv=0x58ae90) [0093.105] CloseHandle (hObject=0x5b0) returned 1 [0093.323] CoTaskMemAlloc (cb=0x1) returned 0x569cd0 [0093.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAlloc", cchWideChar=12, lpMultiByteStr=0x14b560, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocû\x7f", lpUsedDefaultChar=0x0) returned 12 [0093.431] GetProcAddress (hModule=0x7ffc5ecd0000, lpProcName="VirtualAlloc") returned 0x7ffc5ecf28c0 [0093.444] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x1000, flProtect=0x40) returned 0x6d0000 [0093.444] VirtualProtect (in: lpAddress=0x7ffc3f04f300, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x14d248 | out: lpflOldProtect=0x14d248*=0x2) returned 1 [0093.447] VirtualProtect (in: lpAddress=0x7ffc3f04f300, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x14d248 | out: lpflOldProtect=0x14d248*=0x40) returned 1 [0094.037] CoTaskMemAlloc (cb=0xe) returned 0x58dc90 [0094.083] CoTaskMemAlloc (cb=0xe) returned 0x58d870 [0094.086] CoTaskMemAlloc (cb=0x15) returned 0x58d9d0 [0094.102] CoTaskMemAlloc (cb=0xc03) returned 0x1b854090 [0094.805] CoTaskMemAlloc (cb=0x142) returned 0x581d10 [0097.468] CoTaskMemAlloc (cb=0x10) returned 0x58de50 [0097.631] CoTaskMemAlloc (cb=0x12) returned 0x58def0 [0097.633] CoTaskMemAlloc (cb=0x495) returned 0x585180 [0097.721] CoTaskMemAlloc (cb=0xd) returned 0x58db10 [0097.723] CoTaskMemAlloc (cb=0x12) returned 0x58d7d0 [0097.724] CoTaskMemAlloc (cb=0x1b5) returned 0x57ab80 [0097.748] CoTaskMemAlloc (cb=0xe) returned 0x58d7f0 [0097.749] CoTaskMemAlloc (cb=0xe) returned 0x58d830 [0097.751] CoTaskMemAlloc (cb=0xe) returned 0x58dc10 [0097.752] CoTaskMemAlloc (cb=0x4a) returned 0x562fd0 [0097.753] CoTaskMemAlloc (cb=0xe) returned 0x58dd70 [0097.770] CoTaskMemAlloc (cb=0xe) returned 0x58b180 [0097.771] CoTaskMemAlloc (cb=0xe) returned 0x58b440 [0097.772] CoTaskMemAlloc (cb=0xe) returned 0x58b4c0 [0097.773] CoTaskMemAlloc (cb=0x57) returned 0x563090 [0097.773] CoTaskMemAlloc (cb=0xe) returned 0x58b0e0 [0097.893] CoTaskMemAlloc (cb=0xe) returned 0x58b5a0 [0097.895] CoTaskMemAlloc (cb=0xe) returned 0x58b0c0 [0097.896] CoTaskMemAlloc (cb=0xe) returned 0x58b3e0 [0097.914] CoTaskMemAlloc (cb=0x88) returned 0x5331c0 [0097.925] CoTaskMemAlloc (cb=0xe) returned 0x58b540 [0097.929] CoTaskMemAlloc (cb=0xe) returned 0x58b340 [0097.930] CoTaskMemAlloc (cb=0xe) returned 0x58b060 [0097.932] CoTaskMemAlloc (cb=0x5f) returned 0x58eab0 [0097.942] CoTaskMemAlloc (cb=0xe) returned 0x58aee0 [0097.970] CoTaskMemAlloc (cb=0x65) returned 0x58e180 [0097.972] CoTaskMemAlloc (cb=0xd) returned 0x58b100 [0097.973] CoTaskMemAlloc (cb=0x837) returned 0x1b854ca0 [0098.045] CoTaskMemAlloc (cb=0x79c8) returned 0x1b88bcf0 [0098.229] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b250000 [0099.159] CoTaskMemAlloc (cb=0xe) returned 0x58b4e0 [0099.162] CoTaskMemAlloc (cb=0xe) returned 0x58b560 [0099.163] CoTaskMemAlloc (cb=0xe) returned 0x58b500 [0099.165] CoTaskMemAlloc (cb=0x95) returned 0x5685a0 [0099.169] CoTaskMemAlloc (cb=0xe) returned 0x58b2a0 [0099.170] CoTaskMemAlloc (cb=0xe) returned 0x58b140 [0099.172] CoTaskMemAlloc (cb=0x4f) returned 0x1b8576c0 [0099.173] CoTaskMemAlloc (cb=0xe) returned 0x58b520 [0099.174] CoTaskMemAlloc (cb=0xe) returned 0x58b5c0 [0099.178] CoTaskMemAlloc (cb=0xe) returned 0x58b660 [0099.180] CoTaskMemAlloc (cb=0xe) returned 0x58b580 [0099.182] CoTaskMemAlloc (cb=0xe) returned 0x58b600 [0099.184] CoTaskMemAlloc (cb=0x4a) returned 0x1b857300 [0099.186] CoTaskMemAlloc (cb=0xe) returned 0x58b360 [0099.188] CoTaskMemAlloc (cb=0x15) returned 0x58b3c0 [0099.189] CoTaskMemAlloc (cb=0x4d) returned 0x1b8577e0 [0099.191] CoTaskMemAlloc (cb=0x10) returned 0x58b420 [0099.192] CoTaskMemAlloc (cb=0x10) returned 0x58b040 [0099.195] CoTaskMemAlloc (cb=0x11) returned 0x58b000 [0099.196] CoTaskMemAlloc (cb=0x9f) returned 0x542730 [0099.198] CoTaskMemAlloc (cb=0x20) returned 0x57b300 [0099.199] CoTaskMemAlloc (cb=0x11) returned 0x58af20 [0099.216] CoTaskMemAlloc (cb=0xd) returned 0x58b620 [0099.218] CoTaskMemAlloc (cb=0x15) returned 0x58afa0 [0099.220] CoTaskMemAlloc (cb=0x12) returned 0x58b080 [0099.221] CoTaskMemAlloc (cb=0xcd) returned 0x53fcf0 [0099.226] CoTaskMemAlloc (cb=0xfb) returned 0x591270 [0099.232] CoTaskMemAlloc (cb=0x11) returned 0x58afc0 [0099.233] CoTaskMemAlloc (cb=0x9) returned 0x58b1e0 [0099.235] CoTaskMemAlloc (cb=0x11) returned 0x58af40 [0099.236] CoTaskMemAlloc (cb=0x11) returned 0x58b640 [0099.237] CoTaskMemAlloc (cb=0x15) returned 0x58af00 [0099.238] CoTaskMemAlloc (cb=0xe8) returned 0x557d60 [0099.247] CoTaskMemAlloc (cb=0x10) returned 0x58b280 [0099.248] CoTaskMemAlloc (cb=0x15) returned 0x58af60 [0099.248] CoTaskMemAlloc (cb=0xeb) returned 0x598260 [0099.297] CoTaskMemAlloc (cb=0x15) returned 0x58b020 [0099.301] CoTaskMemAlloc (cb=0x668) returned 0x1b857cb0 [0099.371] CoTaskMemAlloc (cb=0x101) returned 0x5915a0 [0099.375] CoTaskMemAlloc (cb=0x11) returned 0x58b260 [0099.376] CoTaskMemAlloc (cb=0xe7) returned 0x5588a0 [0099.378] CoTaskMemAlloc (cb=0xdb) returned 0x558e40 [0099.434] CoTaskMemAlloc (cb=0xd) returned 0x58b2c0 [0099.435] CoTaskMemAlloc (cb=0x11) returned 0x58b380 [0099.436] CoTaskMemAlloc (cb=0x19) returned 0x57b330 [0099.439] CoTaskMemAlloc (cb=0x11) returned 0x1b858490 [0099.440] CoTaskMemAlloc (cb=0x13) returned 0x1b858990 [0099.441] CoTaskMemAlloc (cb=0x4c) returned 0x1b8571e0 [0099.442] CoTaskMemAlloc (cb=0x11) returned 0x1b8589d0 [0099.443] CoTaskMemAlloc (cb=0x23b) returned 0x57c4f0 [0099.456] CoTaskMemAlloc (cb=0x11) returned 0x1b858870 [0099.458] CoTaskMemAlloc (cb=0xe) returned 0x1b858410 [0099.459] CoTaskMemAlloc (cb=0x12) returned 0x1b858790 [0099.463] CoTaskMemAlloc (cb=0x83) returned 0x533520 [0099.488] CoTaskMemAlloc (cb=0x4e) returned 0x1b8574e0 [0099.799] CoTaskMemAlloc (cb=0x378) returned 0x59de30 [0099.950] CoTaskMemAlloc (cb=0x12) returned 0x1b858930 [0099.959] CoTaskMemAlloc (cb=0xe) returned 0x1b858610 [0099.959] CoTaskMemAlloc (cb=0xe) returned 0x1b8589b0 [0099.959] CoTaskMemAlloc (cb=0x4a) returned 0x1b8573c0 [0099.960] CoTaskMemAlloc (cb=0xe) returned 0x1b8588f0 [0099.960] CoTaskMemAlloc (cb=0xe) returned 0x1b8586f0 [0099.961] CoTaskMemAlloc (cb=0xe) returned 0x1b8589f0 [0099.961] CoTaskMemAlloc (cb=0xe) returned 0x1b858ad0 [0099.961] CoTaskMemAlloc (cb=0xe) returned 0x1b858970 [0099.962] CoTaskMemAlloc (cb=0x64) returned 0x58ec70 [0099.962] CoTaskMemAlloc (cb=0xe) returned 0x1b8583f0 [0099.963] CoTaskMemAlloc (cb=0xe) returned 0x1b858a30 [0099.963] CoTaskMemAlloc (cb=0xe) returned 0x1b858af0 [0099.964] CoTaskMemAlloc (cb=0x4f) returned 0x1b856be0 [0099.964] CoTaskMemAlloc (cb=0xe) returned 0x1b8584b0 [0099.964] CoTaskMemAlloc (cb=0xe) returned 0x1b858470 [0099.965] CoTaskMemAlloc (cb=0xe) returned 0x1b858a70 [0099.965] CoTaskMemAlloc (cb=0xe) returned 0x1b858370 [0099.966] CoTaskMemAlloc (cb=0x4a) returned 0x1b857480 [0099.984] CoTaskMemAlloc (cb=0x28) returned 0x1b8b3bb0 [0100.036] CoTaskMemAlloc (cb=0x16e0) returned 0x1b8b47b0 [0100.296] CoTaskMemAlloc (cb=0x12) returned 0x1b858670 [0100.301] CoTaskMemAlloc (cb=0x4df) returned 0x59e1b0 [0100.344] CoTaskMemAlloc (cb=0x10) returned 0x1b858910 [0100.346] CoTaskMemAlloc (cb=0xd) returned 0x1b858ab0 [0100.350] CoTaskMemAlloc (cb=0x12) returned 0x1b858450 [0100.351] CoTaskMemAlloc (cb=0x12b) returned 0x58b8c0 [0100.370] CoTaskMemAlloc (cb=0xe) returned 0x1b8584d0 [0100.372] CoTaskMemAlloc (cb=0x88) returned 0x5332e0 [0100.407] CoTaskMemAlloc (cb=0xe) returned 0x1b858510 [0100.408] CoTaskMemAlloc (cb=0x6b) returned 0x5749c0 [0100.410] CoTaskMemAlloc (cb=0x9c) returned 0x542e10 [0100.413] CoTaskMemAlloc (cb=0xe) returned 0x1b858650 [0100.416] CoTaskMemAlloc (cb=0xe) returned 0x1b858690 [0100.417] CoTaskMemAlloc (cb=0xe) returned 0x1b858530 [0100.418] CoTaskMemAlloc (cb=0xe) returned 0x1b858850 [0100.420] CoTaskMemAlloc (cb=0x9a) returned 0x542ec0 [0100.422] CoTaskMemAlloc (cb=0xe) returned 0x1b858570 [0100.423] CoTaskMemAlloc (cb=0x11) returned 0x1b8587f0 [0100.425] CoTaskMemAlloc (cb=0xe) returned 0x1b8586d0 [0100.426] CoTaskMemAlloc (cb=0x11) returned 0x1b858550 [0100.427] CoTaskMemAlloc (cb=0x11) returned 0x1b858590 [0100.428] CoTaskMemAlloc (cb=0x11) returned 0x1b8585b0 [0100.429] CoTaskMemAlloc (cb=0xdc) returned 0x557e50 [0100.432] CoTaskMemAlloc (cb=0xc14) returned 0x1b8b5ea0 [0100.506] CoTaskMemAlloc (cb=0x19) returned 0x1b8b3d60 [0100.507] CoTaskMemAlloc (cb=0x15) returned 0x1b858730 [0100.509] CoTaskMemAlloc (cb=0x650) returned 0x59e6a0 [0100.588] CoTaskMemAlloc (cb=0xd) returned 0x566410 [0100.590] CoTaskMemAlloc (cb=0x10) returned 0x565fd0 [0100.596] CoTaskMemAlloc (cb=0x16) returned 0x566050 [0100.599] CoTaskMemAlloc (cb=0xe) returned 0x1b858810 [0100.600] CoTaskMemAlloc (cb=0xe) returned 0x1b858830 [0100.601] CoTaskMemAlloc (cb=0xe) returned 0x1b8b7040 [0100.602] CoTaskMemAlloc (cb=0x71) returned 0x575540 [0100.603] CoTaskMemAlloc (cb=0xe) returned 0x1b8b70e0 [0100.604] CoTaskMemAlloc (cb=0x136) returned 0x58c680 [0100.610] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6ee0 [0100.611] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6be0 [0100.612] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6c60 [0100.613] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6f80 [0100.614] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6ec0 [0100.615] CoTaskMemAlloc (cb=0x11) returned 0x1b8b7080 [0100.616] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6fa0 [0100.617] CoTaskMemAlloc (cb=0x5d) returned 0x58ed50 [0100.618] CoTaskMemAlloc (cb=0x14) returned 0x1b8b72c0 [0100.620] CoTaskMemAlloc (cb=0xe) returned 0x1b8b6f00 [0100.621] CoTaskMemAlloc (cb=0x15) returned 0x1b8b6cc0 [0100.622] CoTaskMemAlloc (cb=0x10d) returned 0x570650 [0100.641] CoTaskMemAlloc (cb=0x19) returned 0x1b8b41e0 [0100.642] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6da0 [0100.643] CoTaskMemAlloc (cb=0x1a) returned 0x1b8b3c70 [0100.650] CoTaskMemAlloc (cb=0xe) returned 0x1b8b71e0 [0100.651] CoTaskMemAlloc (cb=0x568) returned 0x1b8b8e70 [0100.708] CoTaskMemAlloc (cb=0xd) returned 0x1b8b7260 [0100.710] CoTaskMemAlloc (cb=0xe) returned 0x1b8b7140 [0100.711] CoTaskMemAlloc (cb=0x19) returned 0x1b8b3d30 [0100.713] CoTaskMemAlloc (cb=0xf1) returned 0x598060 [0100.717] CoTaskMemAlloc (cb=0xee) returned 0x598860 [0100.730] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6e60 [0100.779] CoTaskMemAlloc (cb=0xe) returned 0x1b8b71a0 [0100.781] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6ce0 [0100.803] CoTaskMemAlloc (cb=0x15) returned 0x1b8b6f20 [0100.805] CoTaskMemAlloc (cb=0xd2) returned 0x540930 [0100.817] CoTaskMemAlloc (cb=0xf5) returned 0x597360 [0100.833] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6dc0 [0100.834] CoTaskMemAlloc (cb=0xe) returned 0x1b8b7160 [0100.835] CoTaskMemAlloc (cb=0x11) returned 0x1b8b7300 [0100.836] CoTaskMemAlloc (cb=0x19) returned 0x1b8b3af0 [0100.837] CoTaskMemAlloc (cb=0xa8) returned 0x543020 [0100.841] CoTaskMemAlloc (cb=0x15) returned 0x1b8b6fc0 [0100.876] CoTaskMemAlloc (cb=0x151) returned 0x58cde0 [0100.881] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6fe0 [0100.882] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6c20 [0100.884] CoTaskMemAlloc (cb=0x9) returned 0x1b8b70c0 [0100.885] CoTaskMemAlloc (cb=0x9) returned 0x1b8b6bc0 [0100.886] CoTaskMemAlloc (cb=0x11) returned 0x1b8b6b80 [0100.956] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0100.956] EnumProcessModules (in: hProcess=0x260, lphModule=0x21e0150, cb=0x200, lpcbNeeded=0x14cee8 | out: lphModule=0x21e0150, lpcbNeeded=0x14cee8) returned 1 [0100.958] EnumProcessModules (in: hProcess=0x260, lphModule=0x21e0368, cb=0x400, lpcbNeeded=0x14cee8 | out: lphModule=0x21e0368, lpcbNeeded=0x14cee8) returned 1 [0100.959] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x21e07d8, cb=0x18 | out: lpmodinfo=0x21e07d8*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0100.959] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.959] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0100.959] CoTaskMemFree (pv=0x1b8936c0) [0100.959] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0100.960] CoTaskMemFree (pv=0x1b8936c0) [0100.960] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x21e2ab8, cb=0x18 | out: lpmodinfo=0x21e2ab8*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0100.960] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.960] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0100.960] CoTaskMemFree (pv=0x1b8936c0) [0100.960] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.960] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0100.961] CoTaskMemFree (pv=0x1b8936c0) [0100.961] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x21e4c60, cb=0x18 | out: lpmodinfo=0x21e4c60*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0100.961] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.961] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0100.961] CoTaskMemFree (pv=0x1b8936c0) [0100.961] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.961] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0100.961] CoTaskMemFree (pv=0x1b8936c0) [0100.961] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x21e6e08, cb=0x18 | out: lpmodinfo=0x21e6e08*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0100.962] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.962] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0100.962] CoTaskMemFree (pv=0x1b8936c0) [0100.962] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0100.962] CoTaskMemFree (pv=0x1b8936c0) [0100.962] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x21e8fc0, cb=0x18 | out: lpmodinfo=0x21e8fc0*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0100.963] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.963] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0100.994] CoTaskMemFree (pv=0x1b8936c0) [0100.994] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.994] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0100.994] CoTaskMemFree (pv=0x1b8936c0) [0100.994] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x21eb1d0, cb=0x18 | out: lpmodinfo=0x21eb1d0*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0100.994] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0100.995] CoTaskMemFree (pv=0x1b8936c0) [0100.995] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.995] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0100.995] CoTaskMemFree (pv=0x1b8936c0) [0100.995] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x21ed378, cb=0x18 | out: lpmodinfo=0x21ed378*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0100.995] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.997] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0100.997] CoTaskMemFree (pv=0x1b8936c0) [0100.997] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.997] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0100.997] CoTaskMemFree (pv=0x1b8936c0) [0100.997] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x21ef530, cb=0x18 | out: lpmodinfo=0x21ef530*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0100.998] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.998] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0100.998] CoTaskMemFree (pv=0x1b8936c0) [0100.998] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.998] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0100.998] CoTaskMemFree (pv=0x1b8936c0) [0100.998] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x21f16d8, cb=0x18 | out: lpmodinfo=0x21f16d8*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0100.999] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.999] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0100.999] CoTaskMemFree (pv=0x1b8936c0) [0100.999] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.999] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0100.999] CoTaskMemFree (pv=0x1b8936c0) [0100.999] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x21f3918, cb=0x18 | out: lpmodinfo=0x21f3918*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0100.999] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0100.999] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0101.000] CoTaskMemFree (pv=0x1b8936c0) [0101.000] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.000] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0101.000] CoTaskMemFree (pv=0x1b8936c0) [0101.000] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x21f5ac0, cb=0x18 | out: lpmodinfo=0x21f5ac0*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0101.000] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.000] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0101.001] CoTaskMemFree (pv=0x1b8936c0) [0101.001] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.001] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0101.001] CoTaskMemFree (pv=0x1b8936c0) [0101.001] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x21f7cb0, cb=0x18 | out: lpmodinfo=0x21f7cb0*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0101.001] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.001] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0101.002] CoTaskMemFree (pv=0x1b8936c0) [0101.002] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.002] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0101.002] CoTaskMemFree (pv=0x1b8936c0) [0101.002] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x21f9e58, cb=0x18 | out: lpmodinfo=0x21f9e58*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0101.003] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.003] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0101.003] CoTaskMemFree (pv=0x1b8936c0) [0101.003] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.003] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0101.003] CoTaskMemFree (pv=0x1b8936c0) [0101.003] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x21fc000, cb=0x18 | out: lpmodinfo=0x21fc000*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0101.004] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.004] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0101.004] CoTaskMemFree (pv=0x1b8936c0) [0101.004] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.004] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0101.005] CoTaskMemFree (pv=0x1b8936c0) [0101.005] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x21fe1d8, cb=0x18 | out: lpmodinfo=0x21fe1d8*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0101.005] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.005] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0101.006] CoTaskMemFree (pv=0x1b8936c0) [0101.006] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.006] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0101.006] CoTaskMemFree (pv=0x1b8936c0) [0101.006] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x2200380, cb=0x18 | out: lpmodinfo=0x2200380*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0101.006] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.006] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0101.007] CoTaskMemFree (pv=0x1b8936c0) [0101.007] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.007] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0101.008] CoTaskMemFree (pv=0x1b8936c0) [0101.008] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2202528, cb=0x18 | out: lpmodinfo=0x2202528*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0101.008] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.008] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0101.008] CoTaskMemFree (pv=0x1b8936c0) [0101.009] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.009] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0101.009] CoTaskMemFree (pv=0x1b8936c0) [0101.009] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x22047e8, cb=0x18 | out: lpmodinfo=0x22047e8*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0101.010] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.010] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0101.010] CoTaskMemFree (pv=0x1b8936c0) [0101.010] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.010] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0101.011] CoTaskMemFree (pv=0x1b8936c0) [0101.011] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x22069b0, cb=0x18 | out: lpmodinfo=0x22069b0*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0101.011] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.011] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0101.011] CoTaskMemFree (pv=0x1b8936c0) [0101.011] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.011] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0101.012] CoTaskMemFree (pv=0x1b8936c0) [0101.012] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x2208b58, cb=0x18 | out: lpmodinfo=0x2208b58*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0101.012] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.012] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0101.013] CoTaskMemFree (pv=0x1b8936c0) [0101.013] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.013] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0101.013] CoTaskMemFree (pv=0x1b8936c0) [0101.013] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x220ad28, cb=0x18 | out: lpmodinfo=0x220ad28*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0101.014] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.014] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0101.014] CoTaskMemFree (pv=0x1b8936c0) [0101.014] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.014] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0101.015] CoTaskMemFree (pv=0x1b8936c0) [0101.015] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x220cf00, cb=0x18 | out: lpmodinfo=0x220cf00*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0101.016] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.016] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0101.016] CoTaskMemFree (pv=0x1b8936c0) [0101.016] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.016] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0101.017] CoTaskMemFree (pv=0x1b8936c0) [0101.017] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x220f148, cb=0x18 | out: lpmodinfo=0x220f148*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0101.017] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0101.018] CoTaskMemFree (pv=0x1b8936c0) [0101.018] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.018] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0101.019] CoTaskMemFree (pv=0x1b8936c0) [0101.019] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x22112f0, cb=0x18 | out: lpmodinfo=0x22112f0*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0101.019] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.019] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0101.020] CoTaskMemFree (pv=0x1b8936c0) [0101.020] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.020] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0101.020] CoTaskMemFree (pv=0x1b8936c0) [0101.020] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x22134d0, cb=0x18 | out: lpmodinfo=0x22134d0*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0101.021] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.021] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0101.021] CoTaskMemFree (pv=0x1b8936c0) [0101.021] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.022] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0101.022] CoTaskMemFree (pv=0x1b8936c0) [0101.022] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x2215688, cb=0x18 | out: lpmodinfo=0x2215688*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0101.023] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.023] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0101.023] CoTaskMemFree (pv=0x1b8936c0) [0101.023] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.023] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0101.024] CoTaskMemFree (pv=0x1b8936c0) [0101.024] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x22178c8, cb=0x18 | out: lpmodinfo=0x22178c8*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0101.024] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.024] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0101.025] CoTaskMemFree (pv=0x1b8936c0) [0101.025] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.025] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0101.026] CoTaskMemFree (pv=0x1b8936c0) [0101.026] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x2219b20, cb=0x18 | out: lpmodinfo=0x2219b20*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0101.026] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.026] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0101.027] CoTaskMemFree (pv=0x1b8936c0) [0101.027] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.027] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0101.028] CoTaskMemFree (pv=0x1b8936c0) [0101.028] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x221bdb0, cb=0x18 | out: lpmodinfo=0x221bdb0*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0101.028] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.028] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0101.029] CoTaskMemFree (pv=0x1b8936c0) [0101.029] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.029] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0101.029] CoTaskMemFree (pv=0x1b8936c0) [0101.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x221e008, cb=0x18 | out: lpmodinfo=0x221e008*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0101.030] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.030] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0101.031] CoTaskMemFree (pv=0x1b8936c0) [0101.031] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.031] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0101.031] CoTaskMemFree (pv=0x1b8936c0) [0101.031] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x22201c0, cb=0x18 | out: lpmodinfo=0x22201c0*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0101.032] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.032] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0101.032] CoTaskMemFree (pv=0x1b8936c0) [0101.033] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.033] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0101.033] CoTaskMemFree (pv=0x1b8936c0) [0101.033] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x2222368, cb=0x18 | out: lpmodinfo=0x2222368*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0101.034] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.034] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0101.034] CoTaskMemFree (pv=0x1b8936c0) [0101.034] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.034] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0101.035] CoTaskMemFree (pv=0x1b8936c0) [0101.035] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x2224510, cb=0x18 | out: lpmodinfo=0x2224510*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0101.036] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.036] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0101.036] CoTaskMemFree (pv=0x1b8936c0) [0101.036] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.036] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0101.037] CoTaskMemFree (pv=0x1b8936c0) [0101.037] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x22268d0, cb=0x18 | out: lpmodinfo=0x22268d0*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0101.038] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0101.039] CoTaskMemFree (pv=0x1b8936c0) [0101.039] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.039] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0101.040] CoTaskMemFree (pv=0x1b8936c0) [0101.040] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x2228a78, cb=0x18 | out: lpmodinfo=0x2228a78*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0101.040] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.040] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0101.041] CoTaskMemFree (pv=0x1b8936c0) [0101.041] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.041] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0101.041] CoTaskMemFree (pv=0x1b8936c0) [0101.042] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x222ac20, cb=0x18 | out: lpmodinfo=0x222ac20*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0101.042] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.042] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0101.043] CoTaskMemFree (pv=0x1b8936c0) [0101.043] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.043] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0101.044] CoTaskMemFree (pv=0x1b8936c0) [0101.044] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x222ce08, cb=0x18 | out: lpmodinfo=0x222ce08*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0101.044] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.044] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0101.045] CoTaskMemFree (pv=0x1b8936c0) [0101.045] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.045] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0101.046] CoTaskMemFree (pv=0x1b8936c0) [0101.046] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x222efc0, cb=0x18 | out: lpmodinfo=0x222efc0*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0101.047] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.047] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0101.048] CoTaskMemFree (pv=0x1b8936c0) [0101.048] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.048] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0101.049] CoTaskMemFree (pv=0x1b8936c0) [0101.049] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x2231158, cb=0x18 | out: lpmodinfo=0x2231158*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0101.049] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.049] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0101.050] CoTaskMemFree (pv=0x1b8936c0) [0101.050] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.050] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0101.051] CoTaskMemFree (pv=0x1b8936c0) [0101.051] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x2233310, cb=0x18 | out: lpmodinfo=0x2233310*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0101.052] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.052] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0101.052] CoTaskMemFree (pv=0x1b8936c0) [0101.052] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.052] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0101.053] CoTaskMemFree (pv=0x1b8936c0) [0101.053] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x22354c8, cb=0x18 | out: lpmodinfo=0x22354c8*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0101.054] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.054] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0101.055] CoTaskMemFree (pv=0x1b8936c0) [0101.055] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.055] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0101.056] CoTaskMemFree (pv=0x1b8936c0) [0101.056] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x2237670, cb=0x18 | out: lpmodinfo=0x2237670*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0101.057] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.057] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0101.058] CoTaskMemFree (pv=0x1b8936c0) [0101.058] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.058] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0101.059] CoTaskMemFree (pv=0x1b8936c0) [0101.059] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x2239828, cb=0x18 | out: lpmodinfo=0x2239828*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0101.060] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.060] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0101.060] CoTaskMemFree (pv=0x1b8936c0) [0101.061] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0101.061] CoTaskMemFree (pv=0x1b8936c0) [0101.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x223b9f0, cb=0x18 | out: lpmodinfo=0x223b9f0*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0101.062] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.062] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0101.063] CoTaskMemFree (pv=0x1b8936c0) [0101.063] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.063] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0101.066] CoTaskMemFree (pv=0x1b8936c0) [0101.066] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x223db98, cb=0x18 | out: lpmodinfo=0x223db98*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0101.066] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0101.067] CoTaskMemFree (pv=0x1b8936c0) [0101.067] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.067] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0101.069] CoTaskMemFree (pv=0x1b8936c0) [0101.069] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x223fd50, cb=0x18 | out: lpmodinfo=0x223fd50*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0101.070] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0101.071] CoTaskMemFree (pv=0x1b8936c0) [0101.071] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.071] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0101.072] CoTaskMemFree (pv=0x1b8936c0) [0101.072] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x2241ef8, cb=0x18 | out: lpmodinfo=0x2241ef8*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0101.073] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0101.074] CoTaskMemFree (pv=0x1b8936c0) [0101.074] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.074] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0101.074] CoTaskMemFree (pv=0x1b8936c0) [0101.074] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x22440a0, cb=0x18 | out: lpmodinfo=0x22440a0*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0101.075] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.075] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0101.076] CoTaskMemFree (pv=0x1b8936c0) [0101.076] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0101.077] CoTaskMemFree (pv=0x1b8936c0) [0101.077] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x2246248, cb=0x18 | out: lpmodinfo=0x2246248*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0101.078] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.078] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0101.079] CoTaskMemFree (pv=0x1b8936c0) [0101.079] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.079] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0101.080] CoTaskMemFree (pv=0x1b8936c0) [0101.080] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2248400, cb=0x18 | out: lpmodinfo=0x2248400*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0101.081] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.081] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0101.081] CoTaskMemFree (pv=0x1b8936c0) [0101.081] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.081] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0101.082] CoTaskMemFree (pv=0x1b8936c0) [0101.082] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x224a5b8, cb=0x18 | out: lpmodinfo=0x224a5b8*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0101.083] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.083] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0101.084] CoTaskMemFree (pv=0x1b8936c0) [0101.084] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.084] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0101.085] CoTaskMemFree (pv=0x1b8936c0) [0101.085] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x224c760, cb=0x18 | out: lpmodinfo=0x224c760*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0101.086] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.086] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0101.087] CoTaskMemFree (pv=0x1b8936c0) [0101.087] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.087] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0101.092] CoTaskMemFree (pv=0x1b8936c0) [0101.092] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x224e908, cb=0x18 | out: lpmodinfo=0x224e908*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0101.094] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.094] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0101.095] CoTaskMemFree (pv=0x1b8936c0) [0101.095] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.095] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0101.097] CoTaskMemFree (pv=0x1b8936c0) [0101.097] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x2250ab0, cb=0x18 | out: lpmodinfo=0x2250ab0*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0101.100] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.100] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0101.101] CoTaskMemFree (pv=0x1b8936c0) [0101.101] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.101] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0101.102] CoTaskMemFree (pv=0x1b8936c0) [0101.102] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x2252c68, cb=0x18 | out: lpmodinfo=0x2252c68*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0101.103] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.103] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0101.104] CoTaskMemFree (pv=0x1b8936c0) [0101.104] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.104] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0101.106] CoTaskMemFree (pv=0x1b8936c0) [0101.106] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x2254e10, cb=0x18 | out: lpmodinfo=0x2254e10*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0101.129] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.129] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0101.130] CoTaskMemFree (pv=0x1b8936c0) [0101.130] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.131] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0101.132] CoTaskMemFree (pv=0x1b8936c0) [0101.132] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2256fb8, cb=0x18 | out: lpmodinfo=0x2256fb8*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0101.133] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.133] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0101.134] CoTaskMemFree (pv=0x1b8936c0) [0101.134] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.134] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0101.135] CoTaskMemFree (pv=0x1b8936c0) [0101.135] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x2259180, cb=0x18 | out: lpmodinfo=0x2259180*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0101.136] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.136] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0101.137] CoTaskMemFree (pv=0x1b8936c0) [0101.137] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.137] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0101.138] CoTaskMemFree (pv=0x1b8936c0) [0101.139] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x225b328, cb=0x18 | out: lpmodinfo=0x225b328*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0101.140] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.140] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0101.141] CoTaskMemFree (pv=0x1b8936c0) [0101.141] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.141] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0101.142] CoTaskMemFree (pv=0x1b8936c0) [0101.142] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x225d4d0, cb=0x18 | out: lpmodinfo=0x225d4d0*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0101.143] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.143] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0101.144] CoTaskMemFree (pv=0x1b8936c0) [0101.144] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.144] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0101.145] CoTaskMemFree (pv=0x1b8936c0) [0101.145] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x225f688, cb=0x18 | out: lpmodinfo=0x225f688*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0101.146] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.147] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0101.148] CoTaskMemFree (pv=0x1b8936c0) [0101.148] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.148] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0101.149] CoTaskMemFree (pv=0x1b8936c0) [0101.149] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x22618f8, cb=0x18 | out: lpmodinfo=0x22618f8*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0101.150] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.150] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0101.152] CoTaskMemFree (pv=0x1b8936c0) [0101.152] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.152] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0101.153] CoTaskMemFree (pv=0x1b8936c0) [0101.153] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x2263b88, cb=0x18 | out: lpmodinfo=0x2263b88*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0101.154] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.154] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0101.155] CoTaskMemFree (pv=0x1b8936c0) [0101.155] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.155] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0101.156] CoTaskMemFree (pv=0x1b8936c0) [0101.156] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x2265d30, cb=0x18 | out: lpmodinfo=0x2265d30*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0101.157] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.157] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0101.159] CoTaskMemFree (pv=0x1b8936c0) [0101.159] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.159] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0101.160] CoTaskMemFree (pv=0x1b8936c0) [0101.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x2267fa0, cb=0x18 | out: lpmodinfo=0x2267fa0*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0101.161] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.161] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x1b8936c0, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0101.162] CoTaskMemFree (pv=0x1b8936c0) [0101.162] CoTaskMemAlloc (cb=0x804) returned 0x1b8936c0 [0101.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x1b8936c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0101.163] CoTaskMemFree (pv=0x1b8936c0) [0101.164] CloseHandle (hObject=0x260) returned 1 [0101.190] CoTaskMemAlloc (cb=0x40b) returned 0x1b850970 [0101.299] CoTaskMemAlloc (cb=0x16) returned 0x1b8b6c40 [0101.300] CoTaskMemAlloc (cb=0xa9) returned 0x1b8b3220 [0101.339] CoTaskMemAlloc (cb=0x136) returned 0x58c540 [0101.341] CoTaskMemAlloc (cb=0x1e) returned 0x1b8b3ca0 [0101.341] CoTaskMemAlloc (cb=0x23bc) returned 0x1b8936c0 [0101.589] GetCurrentProcessId () returned 0x13e0 [0101.589] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0101.589] EnumProcessModules (in: hProcess=0x260, lphModule=0x2341a58, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x2341a58, lpcbNeeded=0x14dab8) returned 1 [0101.591] EnumProcessModules (in: hProcess=0x260, lphModule=0x2341c70, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x2341c70, lpcbNeeded=0x14dab8) returned 1 [0101.592] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x23420e0, cb=0x18 | out: lpmodinfo=0x23420e0*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0101.592] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.592] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0101.592] CoTaskMemFree (pv=0x1b896730) [0101.592] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.592] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0101.592] CoTaskMemFree (pv=0x1b896730) [0101.593] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x23443c0, cb=0x18 | out: lpmodinfo=0x23443c0*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0101.593] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.593] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0101.593] CoTaskMemFree (pv=0x1b896730) [0101.593] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0101.593] CoTaskMemFree (pv=0x1b896730) [0101.593] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x2346568, cb=0x18 | out: lpmodinfo=0x2346568*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0101.593] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.593] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0101.594] CoTaskMemFree (pv=0x1b896730) [0101.594] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.594] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0101.594] CoTaskMemFree (pv=0x1b896730) [0101.594] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x2348710, cb=0x18 | out: lpmodinfo=0x2348710*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0101.594] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.594] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0101.594] CoTaskMemFree (pv=0x1b896730) [0101.594] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.594] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0101.595] CoTaskMemFree (pv=0x1b896730) [0101.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x234a8c8, cb=0x18 | out: lpmodinfo=0x234a8c8*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0101.595] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.595] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0101.595] CoTaskMemFree (pv=0x1b896730) [0101.595] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.595] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0101.595] CoTaskMemFree (pv=0x1b896730) [0101.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x234cad8, cb=0x18 | out: lpmodinfo=0x234cad8*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0101.596] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.596] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0101.596] CoTaskMemFree (pv=0x1b896730) [0101.596] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.596] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0101.597] CoTaskMemFree (pv=0x1b896730) [0101.597] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x234ec80, cb=0x18 | out: lpmodinfo=0x234ec80*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0101.597] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0101.597] CoTaskMemFree (pv=0x1b896730) [0101.597] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.597] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0101.597] CoTaskMemFree (pv=0x1b896730) [0101.598] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2350e38, cb=0x18 | out: lpmodinfo=0x2350e38*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0101.598] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.598] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0101.598] CoTaskMemFree (pv=0x1b896730) [0101.599] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.599] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0101.599] CoTaskMemFree (pv=0x1b896730) [0101.599] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x2352fe0, cb=0x18 | out: lpmodinfo=0x2352fe0*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0101.599] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.599] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0101.600] CoTaskMemFree (pv=0x1b896730) [0101.600] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0101.600] CoTaskMemFree (pv=0x1b896730) [0101.600] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x2355220, cb=0x18 | out: lpmodinfo=0x2355220*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0101.600] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.600] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0101.601] CoTaskMemFree (pv=0x1b896730) [0101.601] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.601] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0101.601] CoTaskMemFree (pv=0x1b896730) [0101.601] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x23573c8, cb=0x18 | out: lpmodinfo=0x23573c8*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0101.601] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.601] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0101.602] CoTaskMemFree (pv=0x1b896730) [0101.602] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0101.602] CoTaskMemFree (pv=0x1b896730) [0101.602] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x23595b8, cb=0x18 | out: lpmodinfo=0x23595b8*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0101.602] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.602] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0101.603] CoTaskMemFree (pv=0x1b896730) [0101.603] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.603] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0101.603] CoTaskMemFree (pv=0x1b896730) [0101.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x235b760, cb=0x18 | out: lpmodinfo=0x235b760*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0101.604] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.604] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0101.604] CoTaskMemFree (pv=0x1b896730) [0101.604] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.604] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0101.604] CoTaskMemFree (pv=0x1b896730) [0101.604] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x235d908, cb=0x18 | out: lpmodinfo=0x235d908*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0101.605] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0101.605] CoTaskMemFree (pv=0x1b896730) [0101.605] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.605] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0101.605] CoTaskMemFree (pv=0x1b896730) [0101.606] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x235fae0, cb=0x18 | out: lpmodinfo=0x235fae0*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0101.606] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.606] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0101.606] CoTaskMemFree (pv=0x1b896730) [0101.606] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.606] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0101.607] CoTaskMemFree (pv=0x1b896730) [0101.607] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x2361c88, cb=0x18 | out: lpmodinfo=0x2361c88*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0101.608] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.608] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0101.608] CoTaskMemFree (pv=0x1b896730) [0101.608] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.608] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0101.609] CoTaskMemFree (pv=0x1b896730) [0101.609] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2363e30, cb=0x18 | out: lpmodinfo=0x2363e30*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0101.609] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.609] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0101.610] CoTaskMemFree (pv=0x1b896730) [0101.610] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.610] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0101.610] CoTaskMemFree (pv=0x1b896730) [0101.610] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x23660f0, cb=0x18 | out: lpmodinfo=0x23660f0*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0101.611] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.611] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0101.611] CoTaskMemFree (pv=0x1b896730) [0101.611] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0101.612] CoTaskMemFree (pv=0x1b896730) [0101.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x23682b8, cb=0x18 | out: lpmodinfo=0x23682b8*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0101.612] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.612] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0101.613] CoTaskMemFree (pv=0x1b896730) [0101.613] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0101.614] CoTaskMemFree (pv=0x1b896730) [0101.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x236a460, cb=0x18 | out: lpmodinfo=0x236a460*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0101.615] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.615] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0101.615] CoTaskMemFree (pv=0x1b896730) [0101.615] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.615] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0101.616] CoTaskMemFree (pv=0x1b896730) [0101.616] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x236c630, cb=0x18 | out: lpmodinfo=0x236c630*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0101.616] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.616] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0101.616] CoTaskMemFree (pv=0x1b896730) [0101.616] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.616] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0101.617] CoTaskMemFree (pv=0x1b896730) [0101.617] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x236e808, cb=0x18 | out: lpmodinfo=0x236e808*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0101.617] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.617] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0101.618] CoTaskMemFree (pv=0x1b896730) [0101.618] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0101.619] CoTaskMemFree (pv=0x1b896730) [0101.619] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x2370a50, cb=0x18 | out: lpmodinfo=0x2370a50*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0101.619] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.619] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0101.620] CoTaskMemFree (pv=0x1b896730) [0101.620] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.620] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0101.621] CoTaskMemFree (pv=0x1b896730) [0101.621] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x2372bf8, cb=0x18 | out: lpmodinfo=0x2372bf8*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0101.621] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.621] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0101.622] CoTaskMemFree (pv=0x1b896730) [0101.622] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.622] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0101.623] CoTaskMemFree (pv=0x1b896730) [0101.623] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x2374dd8, cb=0x18 | out: lpmodinfo=0x2374dd8*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0101.623] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.623] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0101.624] CoTaskMemFree (pv=0x1b896730) [0101.624] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.624] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0101.624] CoTaskMemFree (pv=0x1b896730) [0101.625] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x2376f90, cb=0x18 | out: lpmodinfo=0x2376f90*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0101.625] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.625] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0101.626] CoTaskMemFree (pv=0x1b896730) [0101.626] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.626] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0101.626] CoTaskMemFree (pv=0x1b896730) [0101.626] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x23791d0, cb=0x18 | out: lpmodinfo=0x23791d0*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0101.627] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.627] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0101.627] CoTaskMemFree (pv=0x1b896730) [0101.627] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.627] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0101.628] CoTaskMemFree (pv=0x1b896730) [0101.628] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x237b428, cb=0x18 | out: lpmodinfo=0x237b428*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0101.628] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.628] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0101.629] CoTaskMemFree (pv=0x1b896730) [0101.629] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.629] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0101.630] CoTaskMemFree (pv=0x1b896730) [0101.630] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x237d6b8, cb=0x18 | out: lpmodinfo=0x237d6b8*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0101.630] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.630] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0101.631] CoTaskMemFree (pv=0x1b896730) [0101.631] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.631] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0101.632] CoTaskMemFree (pv=0x1b896730) [0101.632] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x237f910, cb=0x18 | out: lpmodinfo=0x237f910*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0101.633] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0101.633] CoTaskMemFree (pv=0x1b896730) [0101.633] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.633] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0101.634] CoTaskMemFree (pv=0x1b896730) [0101.634] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x2381ac8, cb=0x18 | out: lpmodinfo=0x2381ac8*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0101.649] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.649] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0101.650] CoTaskMemFree (pv=0x1b896730) [0101.650] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.650] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0101.651] CoTaskMemFree (pv=0x1b896730) [0101.651] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x21bf9b0, cb=0x18 | out: lpmodinfo=0x21bf9b0*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0101.651] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.651] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0101.652] CoTaskMemFree (pv=0x1b896730) [0101.652] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.652] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0101.653] CoTaskMemFree (pv=0x1b896730) [0101.653] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x21c1b58, cb=0x18 | out: lpmodinfo=0x21c1b58*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0101.653] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.653] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0101.654] CoTaskMemFree (pv=0x1b896730) [0101.654] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.654] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0101.655] CoTaskMemFree (pv=0x1b896730) [0101.655] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x21c3f18, cb=0x18 | out: lpmodinfo=0x21c3f18*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0101.655] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.655] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0101.656] CoTaskMemFree (pv=0x1b896730) [0101.656] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.656] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0101.657] CoTaskMemFree (pv=0x1b896730) [0101.657] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x21c60c0, cb=0x18 | out: lpmodinfo=0x21c60c0*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0101.658] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.658] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0101.689] CoTaskMemFree (pv=0x1b896730) [0101.689] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.689] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0101.690] CoTaskMemFree (pv=0x1b896730) [0101.690] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x21c8268, cb=0x18 | out: lpmodinfo=0x21c8268*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0101.690] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.690] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0101.691] CoTaskMemFree (pv=0x1b896730) [0101.691] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.691] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0101.692] CoTaskMemFree (pv=0x1b896730) [0101.692] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x21ca450, cb=0x18 | out: lpmodinfo=0x21ca450*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0101.693] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.693] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0101.693] CoTaskMemFree (pv=0x1b896730) [0101.694] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.694] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0101.694] CoTaskMemFree (pv=0x1b896730) [0101.694] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x21cc608, cb=0x18 | out: lpmodinfo=0x21cc608*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0101.695] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.695] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0101.696] CoTaskMemFree (pv=0x1b896730) [0101.696] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.696] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0101.697] CoTaskMemFree (pv=0x1b896730) [0101.697] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x21ce7a0, cb=0x18 | out: lpmodinfo=0x21ce7a0*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0101.698] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.698] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0101.699] CoTaskMemFree (pv=0x1b896730) [0101.699] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.699] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0101.700] CoTaskMemFree (pv=0x1b896730) [0101.700] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x21d0958, cb=0x18 | out: lpmodinfo=0x21d0958*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0101.700] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.701] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0101.702] CoTaskMemFree (pv=0x1b896730) [0101.702] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.702] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0101.703] CoTaskMemFree (pv=0x1b896730) [0101.703] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x21d2b10, cb=0x18 | out: lpmodinfo=0x21d2b10*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0101.704] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.704] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0101.705] CoTaskMemFree (pv=0x1b896730) [0101.705] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0101.706] CoTaskMemFree (pv=0x1b896730) [0101.706] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x21d4cb8, cb=0x18 | out: lpmodinfo=0x21d4cb8*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0101.707] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.707] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0101.708] CoTaskMemFree (pv=0x1b896730) [0101.708] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.708] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0101.709] CoTaskMemFree (pv=0x1b896730) [0101.709] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x21d6e70, cb=0x18 | out: lpmodinfo=0x21d6e70*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0101.710] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.710] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0101.711] CoTaskMemFree (pv=0x1b896730) [0101.711] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.711] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0101.712] CoTaskMemFree (pv=0x1b896730) [0101.712] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x21d9038, cb=0x18 | out: lpmodinfo=0x21d9038*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0101.714] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.714] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0101.715] CoTaskMemFree (pv=0x1b896730) [0101.715] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.715] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0101.716] CoTaskMemFree (pv=0x1b896730) [0101.716] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x21db1e0, cb=0x18 | out: lpmodinfo=0x21db1e0*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0101.717] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.717] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0101.719] CoTaskMemFree (pv=0x1b896730) [0101.719] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.719] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0101.720] CoTaskMemFree (pv=0x1b896730) [0101.720] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x21dd398, cb=0x18 | out: lpmodinfo=0x21dd398*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0101.721] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.721] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0101.722] CoTaskMemFree (pv=0x1b896730) [0101.722] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.722] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0101.723] CoTaskMemFree (pv=0x1b896730) [0101.723] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x21df540, cb=0x18 | out: lpmodinfo=0x21df540*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0101.724] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.724] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0101.725] CoTaskMemFree (pv=0x1b896730) [0101.725] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.725] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0101.726] CoTaskMemFree (pv=0x1b896730) [0101.726] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x21e16e8, cb=0x18 | out: lpmodinfo=0x21e16e8*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0101.727] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.727] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0101.728] CoTaskMemFree (pv=0x1b896730) [0101.728] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.728] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0101.729] CoTaskMemFree (pv=0x1b896730) [0101.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x21e3890, cb=0x18 | out: lpmodinfo=0x21e3890*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0101.730] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.730] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0101.731] CoTaskMemFree (pv=0x1b896730) [0101.731] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.731] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0101.733] CoTaskMemFree (pv=0x1b896730) [0101.733] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x21e5a48, cb=0x18 | out: lpmodinfo=0x21e5a48*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0101.734] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.734] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0101.735] CoTaskMemFree (pv=0x1b896730) [0101.735] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.735] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0101.736] CoTaskMemFree (pv=0x1b896730) [0101.736] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x21e7c00, cb=0x18 | out: lpmodinfo=0x21e7c00*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0101.737] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0101.738] CoTaskMemFree (pv=0x1b896730) [0101.738] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.738] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0101.739] CoTaskMemFree (pv=0x1b896730) [0101.739] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x21e9da8, cb=0x18 | out: lpmodinfo=0x21e9da8*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0101.741] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.741] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0101.742] CoTaskMemFree (pv=0x1b896730) [0101.742] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.742] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0101.743] CoTaskMemFree (pv=0x1b896730) [0101.743] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x21ebf50, cb=0x18 | out: lpmodinfo=0x21ebf50*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0101.744] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.744] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0101.745] CoTaskMemFree (pv=0x1b896730) [0101.745] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.745] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0101.746] CoTaskMemFree (pv=0x1b896730) [0101.746] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x21ee0f8, cb=0x18 | out: lpmodinfo=0x21ee0f8*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0101.747] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.747] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0101.748] CoTaskMemFree (pv=0x1b896730) [0101.748] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.748] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0101.750] CoTaskMemFree (pv=0x1b896730) [0101.750] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x21f02b0, cb=0x18 | out: lpmodinfo=0x21f02b0*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0101.751] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.751] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0101.752] CoTaskMemFree (pv=0x1b896730) [0101.752] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.752] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0101.753] CoTaskMemFree (pv=0x1b896730) [0101.753] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x21f2458, cb=0x18 | out: lpmodinfo=0x21f2458*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0101.754] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.754] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0101.755] CoTaskMemFree (pv=0x1b896730) [0101.756] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.756] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0101.757] CoTaskMemFree (pv=0x1b896730) [0101.757] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x21f4600, cb=0x18 | out: lpmodinfo=0x21f4600*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0101.758] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.758] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0101.759] CoTaskMemFree (pv=0x1b896730) [0101.759] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.759] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0101.760] CoTaskMemFree (pv=0x1b896730) [0101.760] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x21f67c8, cb=0x18 | out: lpmodinfo=0x21f67c8*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0101.761] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.761] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0101.762] CoTaskMemFree (pv=0x1b896730) [0101.762] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.762] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0101.763] CoTaskMemFree (pv=0x1b896730) [0101.764] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x21f8970, cb=0x18 | out: lpmodinfo=0x21f8970*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0101.765] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.765] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0101.766] CoTaskMemFree (pv=0x1b896730) [0101.766] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.766] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0101.768] CoTaskMemFree (pv=0x1b896730) [0101.768] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x21fab18, cb=0x18 | out: lpmodinfo=0x21fab18*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0101.769] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0101.770] CoTaskMemFree (pv=0x1b896730) [0101.770] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0101.772] CoTaskMemFree (pv=0x1b896730) [0101.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x21fccd0, cb=0x18 | out: lpmodinfo=0x21fccd0*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0101.773] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.773] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0101.774] CoTaskMemFree (pv=0x1b896730) [0101.774] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0101.776] CoTaskMemFree (pv=0x1b896730) [0101.776] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x21fef40, cb=0x18 | out: lpmodinfo=0x21fef40*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0101.777] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.777] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0101.778] CoTaskMemFree (pv=0x1b896730) [0101.778] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.778] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0101.779] CoTaskMemFree (pv=0x1b896730) [0101.780] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x22011d0, cb=0x18 | out: lpmodinfo=0x22011d0*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0101.781] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.781] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0101.782] CoTaskMemFree (pv=0x1b896730) [0101.782] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.782] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0101.783] CoTaskMemFree (pv=0x1b896730) [0101.783] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x2203378, cb=0x18 | out: lpmodinfo=0x2203378*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0101.785] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.785] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0101.786] CoTaskMemFree (pv=0x1b896730) [0101.786] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.786] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0101.788] CoTaskMemFree (pv=0x1b896730) [0101.788] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x22055e8, cb=0x18 | out: lpmodinfo=0x22055e8*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0101.789] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.789] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0101.790] CoTaskMemFree (pv=0x1b896730) [0101.791] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.791] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0101.792] CoTaskMemFree (pv=0x1b896730) [0101.792] CloseHandle (hObject=0x260) returned 1 [0101.913] GetCurrentProcessId () returned 0x13e0 [0101.913] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0101.913] EnumProcessModules (in: hProcess=0x260, lphModule=0x22377f0, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x22377f0, lpcbNeeded=0x14dab8) returned 1 [0101.914] EnumProcessModules (in: hProcess=0x260, lphModule=0x2237a08, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x2237a08, lpcbNeeded=0x14dab8) returned 1 [0101.916] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x2237e78, cb=0x18 | out: lpmodinfo=0x2237e78*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0101.916] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.916] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0101.916] CoTaskMemFree (pv=0x1b896730) [0101.916] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0101.917] CoTaskMemFree (pv=0x1b896730) [0101.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x223a158, cb=0x18 | out: lpmodinfo=0x223a158*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0101.917] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0101.917] CoTaskMemFree (pv=0x1b896730) [0101.917] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.917] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0101.917] CoTaskMemFree (pv=0x1b896730) [0101.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x223c300, cb=0x18 | out: lpmodinfo=0x223c300*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0101.917] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0101.918] CoTaskMemFree (pv=0x1b896730) [0101.918] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.918] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0101.918] CoTaskMemFree (pv=0x1b896730) [0101.918] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x223e4a8, cb=0x18 | out: lpmodinfo=0x223e4a8*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0101.918] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0101.919] CoTaskMemFree (pv=0x1b896730) [0101.919] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0101.919] CoTaskMemFree (pv=0x1b896730) [0101.919] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x2240660, cb=0x18 | out: lpmodinfo=0x2240660*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0101.919] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.919] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0101.919] CoTaskMemFree (pv=0x1b896730) [0101.919] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0101.920] CoTaskMemFree (pv=0x1b896730) [0101.920] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x2242870, cb=0x18 | out: lpmodinfo=0x2242870*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0101.920] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.920] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0101.920] CoTaskMemFree (pv=0x1b896730) [0101.920] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.920] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0101.921] CoTaskMemFree (pv=0x1b896730) [0101.921] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x2244a18, cb=0x18 | out: lpmodinfo=0x2244a18*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0101.921] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.921] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0101.921] CoTaskMemFree (pv=0x1b896730) [0101.921] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0101.922] CoTaskMemFree (pv=0x1b896730) [0101.922] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2246bd0, cb=0x18 | out: lpmodinfo=0x2246bd0*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0101.922] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0101.922] CoTaskMemFree (pv=0x1b896730) [0101.922] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.922] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0101.924] CoTaskMemFree (pv=0x1b896730) [0101.924] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x2248d78, cb=0x18 | out: lpmodinfo=0x2248d78*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0101.924] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.924] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0101.925] CoTaskMemFree (pv=0x1b896730) [0101.925] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0101.925] CoTaskMemFree (pv=0x1b896730) [0101.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x224afb8, cb=0x18 | out: lpmodinfo=0x224afb8*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0101.925] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.925] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0101.926] CoTaskMemFree (pv=0x1b896730) [0101.926] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.926] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0101.926] CoTaskMemFree (pv=0x1b896730) [0101.926] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x224d160, cb=0x18 | out: lpmodinfo=0x224d160*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0101.927] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.927] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0101.927] CoTaskMemFree (pv=0x1b896730) [0101.927] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0101.928] CoTaskMemFree (pv=0x1b896730) [0101.928] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x224f350, cb=0x18 | out: lpmodinfo=0x224f350*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0101.928] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.928] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0101.928] CoTaskMemFree (pv=0x1b896730) [0101.928] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.928] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0101.929] CoTaskMemFree (pv=0x1b896730) [0101.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x22514f8, cb=0x18 | out: lpmodinfo=0x22514f8*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0101.929] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.929] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0101.930] CoTaskMemFree (pv=0x1b896730) [0101.930] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.930] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0101.930] CoTaskMemFree (pv=0x1b896730) [0101.930] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x22536a0, cb=0x18 | out: lpmodinfo=0x22536a0*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0101.931] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.931] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0101.931] CoTaskMemFree (pv=0x1b896730) [0101.931] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.931] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0101.931] CoTaskMemFree (pv=0x1b896730) [0101.932] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x2255878, cb=0x18 | out: lpmodinfo=0x2255878*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0101.932] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.932] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0101.932] CoTaskMemFree (pv=0x1b896730) [0101.933] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.933] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0101.933] CoTaskMemFree (pv=0x1b896730) [0101.933] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x2257a20, cb=0x18 | out: lpmodinfo=0x2257a20*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0101.934] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0101.934] CoTaskMemFree (pv=0x1b896730) [0101.934] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.934] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0101.935] CoTaskMemFree (pv=0x1b896730) [0101.935] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2259bc8, cb=0x18 | out: lpmodinfo=0x2259bc8*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0101.935] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.935] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0101.939] CoTaskMemFree (pv=0x1b896730) [0101.939] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.939] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0101.939] CoTaskMemFree (pv=0x1b896730) [0101.939] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x225be88, cb=0x18 | out: lpmodinfo=0x225be88*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0101.940] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.940] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0101.940] CoTaskMemFree (pv=0x1b896730) [0101.940] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.940] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0101.941] CoTaskMemFree (pv=0x1b896730) [0101.941] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x225e050, cb=0x18 | out: lpmodinfo=0x225e050*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0101.941] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.941] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0101.942] CoTaskMemFree (pv=0x1b896730) [0101.942] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.942] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0101.942] CoTaskMemFree (pv=0x1b896730) [0101.942] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x22601f8, cb=0x18 | out: lpmodinfo=0x22601f8*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0101.943] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0101.944] CoTaskMemFree (pv=0x1b896730) [0101.944] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.944] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0101.944] CoTaskMemFree (pv=0x1b896730) [0101.944] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x22623c8, cb=0x18 | out: lpmodinfo=0x22623c8*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0101.945] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.945] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0101.945] CoTaskMemFree (pv=0x1b896730) [0101.945] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.945] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0101.946] CoTaskMemFree (pv=0x1b896730) [0101.946] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x22645a0, cb=0x18 | out: lpmodinfo=0x22645a0*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0101.946] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0101.947] CoTaskMemFree (pv=0x1b896730) [0101.947] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0101.948] CoTaskMemFree (pv=0x1b896730) [0101.948] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x22667e8, cb=0x18 | out: lpmodinfo=0x22667e8*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0101.948] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.948] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0101.949] CoTaskMemFree (pv=0x1b896730) [0101.949] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.949] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0101.949] CoTaskMemFree (pv=0x1b896730) [0101.950] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x2268990, cb=0x18 | out: lpmodinfo=0x2268990*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0101.950] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.950] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0101.951] CoTaskMemFree (pv=0x1b896730) [0101.951] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.951] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0101.951] CoTaskMemFree (pv=0x1b896730) [0101.951] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x226ab70, cb=0x18 | out: lpmodinfo=0x226ab70*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0101.952] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.952] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0101.953] CoTaskMemFree (pv=0x1b896730) [0101.953] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.953] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0101.953] CoTaskMemFree (pv=0x1b896730) [0101.953] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x226cd28, cb=0x18 | out: lpmodinfo=0x226cd28*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0101.954] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.954] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0101.954] CoTaskMemFree (pv=0x1b896730) [0101.954] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.955] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0101.955] CoTaskMemFree (pv=0x1b896730) [0101.955] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x226ef68, cb=0x18 | out: lpmodinfo=0x226ef68*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0101.956] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0101.956] CoTaskMemFree (pv=0x1b896730) [0101.956] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.956] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0101.957] CoTaskMemFree (pv=0x1b896730) [0101.957] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x22711c0, cb=0x18 | out: lpmodinfo=0x22711c0*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0101.958] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.958] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0101.959] CoTaskMemFree (pv=0x1b896730) [0101.959] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0101.959] CoTaskMemFree (pv=0x1b896730) [0101.959] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x2273450, cb=0x18 | out: lpmodinfo=0x2273450*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0101.960] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.960] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0101.973] CoTaskMemFree (pv=0x1b896730) [0101.973] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0101.974] CoTaskMemFree (pv=0x1b896730) [0101.974] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x22756a8, cb=0x18 | out: lpmodinfo=0x22756a8*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0101.975] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.975] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0101.976] CoTaskMemFree (pv=0x1b896730) [0101.976] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.976] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0101.976] CoTaskMemFree (pv=0x1b896730) [0101.976] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x2277860, cb=0x18 | out: lpmodinfo=0x2277860*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0101.977] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.977] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0101.978] CoTaskMemFree (pv=0x1b896730) [0101.978] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0101.978] CoTaskMemFree (pv=0x1b896730) [0101.978] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x2279a08, cb=0x18 | out: lpmodinfo=0x2279a08*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0101.979] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.979] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0101.980] CoTaskMemFree (pv=0x1b896730) [0101.980] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.980] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0101.980] CoTaskMemFree (pv=0x1b896730) [0101.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x227bbb0, cb=0x18 | out: lpmodinfo=0x227bbb0*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0101.981] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.981] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0101.982] CoTaskMemFree (pv=0x1b896730) [0101.982] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.982] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0101.982] CoTaskMemFree (pv=0x1b896730) [0101.982] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x227df70, cb=0x18 | out: lpmodinfo=0x227df70*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0101.983] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.983] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0101.984] CoTaskMemFree (pv=0x1b896730) [0101.984] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.984] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0101.984] CoTaskMemFree (pv=0x1b896730) [0101.984] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x2280118, cb=0x18 | out: lpmodinfo=0x2280118*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0101.985] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.985] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0101.986] CoTaskMemFree (pv=0x1b896730) [0101.986] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.986] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0101.987] CoTaskMemFree (pv=0x1b896730) [0101.987] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x22822c0, cb=0x18 | out: lpmodinfo=0x22822c0*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0101.987] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.987] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0101.988] CoTaskMemFree (pv=0x1b896730) [0101.988] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.988] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0101.989] CoTaskMemFree (pv=0x1b896730) [0101.989] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x22844a8, cb=0x18 | out: lpmodinfo=0x22844a8*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0101.989] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.989] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0101.990] CoTaskMemFree (pv=0x1b896730) [0101.990] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.990] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0101.991] CoTaskMemFree (pv=0x1b896730) [0101.991] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x2286660, cb=0x18 | out: lpmodinfo=0x2286660*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0101.991] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.991] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0101.992] CoTaskMemFree (pv=0x1b896730) [0101.992] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.992] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0101.993] CoTaskMemFree (pv=0x1b896730) [0101.993] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x22887f8, cb=0x18 | out: lpmodinfo=0x22887f8*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0101.994] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0101.994] CoTaskMemFree (pv=0x1b896730) [0101.994] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.994] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0101.995] CoTaskMemFree (pv=0x1b896730) [0101.995] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x228a9b0, cb=0x18 | out: lpmodinfo=0x228a9b0*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0101.996] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.996] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0101.997] CoTaskMemFree (pv=0x1b896730) [0101.997] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.997] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0101.998] CoTaskMemFree (pv=0x1b896730) [0101.998] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x228cb68, cb=0x18 | out: lpmodinfo=0x228cb68*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0101.999] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.999] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0101.999] CoTaskMemFree (pv=0x1b896730) [0101.999] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0101.999] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0102.000] CoTaskMemFree (pv=0x1b896730) [0102.000] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x228ed10, cb=0x18 | out: lpmodinfo=0x228ed10*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0102.003] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.003] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0102.004] CoTaskMemFree (pv=0x1b896730) [0102.004] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.004] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0102.005] CoTaskMemFree (pv=0x1b896730) [0102.005] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x2290ec8, cb=0x18 | out: lpmodinfo=0x2290ec8*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0102.006] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.006] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0102.007] CoTaskMemFree (pv=0x1b896730) [0102.007] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.007] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0102.008] CoTaskMemFree (pv=0x1b896730) [0102.008] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2293090, cb=0x18 | out: lpmodinfo=0x2293090*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0102.009] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.009] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0102.009] CoTaskMemFree (pv=0x1b896730) [0102.009] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.009] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0102.010] CoTaskMemFree (pv=0x1b896730) [0102.010] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x2295238, cb=0x18 | out: lpmodinfo=0x2295238*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0102.011] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.011] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0102.012] CoTaskMemFree (pv=0x1b896730) [0102.012] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.012] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0102.013] CoTaskMemFree (pv=0x1b896730) [0102.013] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x22973f0, cb=0x18 | out: lpmodinfo=0x22973f0*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0102.014] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.014] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0102.015] CoTaskMemFree (pv=0x1b896730) [0102.015] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.015] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0102.016] CoTaskMemFree (pv=0x1b896730) [0102.016] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x2299598, cb=0x18 | out: lpmodinfo=0x2299598*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0102.017] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0102.018] CoTaskMemFree (pv=0x1b896730) [0102.018] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.018] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0102.019] CoTaskMemFree (pv=0x1b896730) [0102.019] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x229b740, cb=0x18 | out: lpmodinfo=0x229b740*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0102.020] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.020] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0102.021] CoTaskMemFree (pv=0x1b896730) [0102.021] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.021] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0102.022] CoTaskMemFree (pv=0x1b896730) [0102.022] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x229d8e8, cb=0x18 | out: lpmodinfo=0x229d8e8*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0102.023] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.023] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0102.025] CoTaskMemFree (pv=0x1b896730) [0102.025] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.025] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0102.026] CoTaskMemFree (pv=0x1b896730) [0102.026] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x229faa0, cb=0x18 | out: lpmodinfo=0x229faa0*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0102.027] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.027] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0102.028] CoTaskMemFree (pv=0x1b896730) [0102.028] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.028] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0102.029] CoTaskMemFree (pv=0x1b896730) [0102.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x22a1c58, cb=0x18 | out: lpmodinfo=0x22a1c58*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0102.030] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.030] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0102.031] CoTaskMemFree (pv=0x1b896730) [0102.031] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.031] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0102.032] CoTaskMemFree (pv=0x1b896730) [0102.032] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x22a3e00, cb=0x18 | out: lpmodinfo=0x22a3e00*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0102.032] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.033] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0102.034] CoTaskMemFree (pv=0x1b896730) [0102.034] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.034] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0102.035] CoTaskMemFree (pv=0x1b896730) [0102.035] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x22a5fa8, cb=0x18 | out: lpmodinfo=0x22a5fa8*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0102.036] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.036] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0102.036] CoTaskMemFree (pv=0x1b896730) [0102.037] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.037] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0102.037] CoTaskMemFree (pv=0x1b896730) [0102.037] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x22a8150, cb=0x18 | out: lpmodinfo=0x22a8150*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0102.038] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0102.039] CoTaskMemFree (pv=0x1b896730) [0102.039] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.039] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0102.040] CoTaskMemFree (pv=0x1b896730) [0102.040] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x22aa308, cb=0x18 | out: lpmodinfo=0x22aa308*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0102.041] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.041] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0102.042] CoTaskMemFree (pv=0x1b896730) [0102.042] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.042] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0102.043] CoTaskMemFree (pv=0x1b896730) [0102.043] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x22ac4b0, cb=0x18 | out: lpmodinfo=0x22ac4b0*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0102.044] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.044] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0102.045] CoTaskMemFree (pv=0x1b896730) [0102.046] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.046] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0102.046] CoTaskMemFree (pv=0x1b896730) [0102.047] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x22ae658, cb=0x18 | out: lpmodinfo=0x22ae658*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0102.047] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.047] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0102.048] CoTaskMemFree (pv=0x1b896730) [0102.049] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.049] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0102.050] CoTaskMemFree (pv=0x1b896730) [0102.050] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x22b0820, cb=0x18 | out: lpmodinfo=0x22b0820*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0102.051] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.051] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0102.052] CoTaskMemFree (pv=0x1b896730) [0102.052] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.052] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0102.053] CoTaskMemFree (pv=0x1b896730) [0102.053] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x22b29c8, cb=0x18 | out: lpmodinfo=0x22b29c8*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0102.054] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.054] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0102.055] CoTaskMemFree (pv=0x1b896730) [0102.055] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.055] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0102.056] CoTaskMemFree (pv=0x1b896730) [0102.056] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x22b4b70, cb=0x18 | out: lpmodinfo=0x22b4b70*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0102.057] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.057] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0102.058] CoTaskMemFree (pv=0x1b896730) [0102.058] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.058] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0102.059] CoTaskMemFree (pv=0x1b896730) [0102.059] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x22b6d28, cb=0x18 | out: lpmodinfo=0x22b6d28*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0102.060] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.060] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0102.159] CoTaskMemFree (pv=0x1b896730) [0102.159] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.159] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0102.160] CoTaskMemFree (pv=0x1b896730) [0102.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x22b8f98, cb=0x18 | out: lpmodinfo=0x22b8f98*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0102.161] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.161] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0102.162] CoTaskMemFree (pv=0x1b896730) [0102.162] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0102.163] CoTaskMemFree (pv=0x1b896730) [0102.163] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x22bb228, cb=0x18 | out: lpmodinfo=0x22bb228*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0102.164] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0102.166] CoTaskMemFree (pv=0x1b896730) [0102.166] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.166] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0102.167] CoTaskMemFree (pv=0x1b896730) [0102.167] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x22bd3d0, cb=0x18 | out: lpmodinfo=0x22bd3d0*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0102.168] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.168] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0102.169] CoTaskMemFree (pv=0x1b896730) [0102.169] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.169] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0102.170] CoTaskMemFree (pv=0x1b896730) [0102.170] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x22bf640, cb=0x18 | out: lpmodinfo=0x22bf640*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0102.172] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.172] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0102.173] CoTaskMemFree (pv=0x1b896730) [0102.173] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.173] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0102.174] CoTaskMemFree (pv=0x1b896730) [0102.174] CloseHandle (hObject=0x260) returned 1 [0102.259] GetCurrentProcessId () returned 0x13e0 [0102.259] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0102.259] EnumProcessModules (in: hProcess=0x260, lphModule=0x23633b0, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x23633b0, lpcbNeeded=0x14dab8) returned 1 [0102.260] EnumProcessModules (in: hProcess=0x260, lphModule=0x23635c8, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x23635c8, lpcbNeeded=0x14dab8) returned 1 [0102.261] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x2363a38, cb=0x18 | out: lpmodinfo=0x2363a38*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0102.261] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.261] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0102.262] CoTaskMemFree (pv=0x1b896730) [0102.262] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.262] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0102.262] CoTaskMemFree (pv=0x1b896730) [0102.262] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x2365d18, cb=0x18 | out: lpmodinfo=0x2365d18*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0102.262] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.262] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0102.262] CoTaskMemFree (pv=0x1b896730) [0102.262] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.262] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0102.262] CoTaskMemFree (pv=0x1b896730) [0102.262] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x2367ec0, cb=0x18 | out: lpmodinfo=0x2367ec0*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0102.262] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.262] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0102.263] CoTaskMemFree (pv=0x1b896730) [0102.263] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0102.263] CoTaskMemFree (pv=0x1b896730) [0102.263] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x236a068, cb=0x18 | out: lpmodinfo=0x236a068*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0102.263] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.263] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0102.263] CoTaskMemFree (pv=0x1b896730) [0102.263] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0102.263] CoTaskMemFree (pv=0x1b896730) [0102.263] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x236c220, cb=0x18 | out: lpmodinfo=0x236c220*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0102.264] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.264] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0102.264] CoTaskMemFree (pv=0x1b896730) [0102.264] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.264] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0102.264] CoTaskMemFree (pv=0x1b896730) [0102.264] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x236e430, cb=0x18 | out: lpmodinfo=0x236e430*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0102.264] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.264] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0102.264] CoTaskMemFree (pv=0x1b896730) [0102.264] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.265] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0102.265] CoTaskMemFree (pv=0x1b896730) [0102.265] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x23705d8, cb=0x18 | out: lpmodinfo=0x23705d8*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0102.265] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.265] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0102.265] CoTaskMemFree (pv=0x1b896730) [0102.265] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.265] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0102.266] CoTaskMemFree (pv=0x1b896730) [0102.266] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2372790, cb=0x18 | out: lpmodinfo=0x2372790*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0102.266] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.266] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0102.266] CoTaskMemFree (pv=0x1b896730) [0102.266] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.266] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0102.266] CoTaskMemFree (pv=0x1b896730) [0102.266] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x2374938, cb=0x18 | out: lpmodinfo=0x2374938*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0102.267] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.267] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0102.267] CoTaskMemFree (pv=0x1b896730) [0102.267] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.267] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0102.267] CoTaskMemFree (pv=0x1b896730) [0102.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x2376b78, cb=0x18 | out: lpmodinfo=0x2376b78*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0102.268] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.268] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0102.268] CoTaskMemFree (pv=0x1b896730) [0102.268] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.268] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0102.269] CoTaskMemFree (pv=0x1b896730) [0102.269] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x2378d20, cb=0x18 | out: lpmodinfo=0x2378d20*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0102.269] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.269] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0102.269] CoTaskMemFree (pv=0x1b896730) [0102.269] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.269] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0102.270] CoTaskMemFree (pv=0x1b896730) [0102.270] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x237af10, cb=0x18 | out: lpmodinfo=0x237af10*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0102.270] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.270] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0102.271] CoTaskMemFree (pv=0x1b896730) [0102.271] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.271] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0102.271] CoTaskMemFree (pv=0x1b896730) [0102.271] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x237d0b8, cb=0x18 | out: lpmodinfo=0x237d0b8*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0102.272] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.272] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0102.272] CoTaskMemFree (pv=0x1b896730) [0102.272] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.272] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0102.272] CoTaskMemFree (pv=0x1b896730) [0102.272] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x237f260, cb=0x18 | out: lpmodinfo=0x237f260*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0102.273] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.273] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0102.273] CoTaskMemFree (pv=0x1b896730) [0102.273] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.273] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0102.273] CoTaskMemFree (pv=0x1b896730) [0102.273] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x2381438, cb=0x18 | out: lpmodinfo=0x2381438*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0102.274] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.274] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0102.275] CoTaskMemFree (pv=0x1b896730) [0102.275] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.275] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0102.275] CoTaskMemFree (pv=0x1b896730) [0102.275] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x23835e0, cb=0x18 | out: lpmodinfo=0x23835e0*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0102.276] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.276] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0102.276] CoTaskMemFree (pv=0x1b896730) [0102.276] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.276] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0102.276] CoTaskMemFree (pv=0x1b896730) [0102.276] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2385788, cb=0x18 | out: lpmodinfo=0x2385788*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0102.277] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.277] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0102.277] CoTaskMemFree (pv=0x1b896730) [0102.277] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.277] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0102.278] CoTaskMemFree (pv=0x1b896730) [0102.278] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x2387a48, cb=0x18 | out: lpmodinfo=0x2387a48*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0102.278] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.278] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0102.278] CoTaskMemFree (pv=0x1b896730) [0102.278] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.278] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0102.279] CoTaskMemFree (pv=0x1b896730) [0102.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x2389c10, cb=0x18 | out: lpmodinfo=0x2389c10*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0102.279] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.279] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0102.280] CoTaskMemFree (pv=0x1b896730) [0102.280] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.280] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0102.280] CoTaskMemFree (pv=0x1b896730) [0102.280] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x238bdb8, cb=0x18 | out: lpmodinfo=0x238bdb8*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0102.281] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.281] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0102.281] CoTaskMemFree (pv=0x1b896730) [0102.281] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.281] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0102.282] CoTaskMemFree (pv=0x1b896730) [0102.282] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x238df88, cb=0x18 | out: lpmodinfo=0x238df88*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0102.282] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.282] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0102.283] CoTaskMemFree (pv=0x1b896730) [0102.283] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.283] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0102.283] CoTaskMemFree (pv=0x1b896730) [0102.283] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x2390160, cb=0x18 | out: lpmodinfo=0x2390160*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0102.284] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.284] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0102.284] CoTaskMemFree (pv=0x1b896730) [0102.285] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.285] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0102.285] CoTaskMemFree (pv=0x1b896730) [0102.285] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x23923a8, cb=0x18 | out: lpmodinfo=0x23923a8*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0102.286] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.286] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0102.286] CoTaskMemFree (pv=0x1b896730) [0102.287] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.287] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0102.302] CoTaskMemFree (pv=0x1b896730) [0102.302] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x2394550, cb=0x18 | out: lpmodinfo=0x2394550*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0102.303] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.303] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0102.303] CoTaskMemFree (pv=0x1b896730) [0102.304] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.304] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0102.304] CoTaskMemFree (pv=0x1b896730) [0102.304] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x2396730, cb=0x18 | out: lpmodinfo=0x2396730*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0102.304] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.304] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0102.305] CoTaskMemFree (pv=0x1b896730) [0102.305] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.305] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0102.306] CoTaskMemFree (pv=0x1b896730) [0102.306] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x23988e8, cb=0x18 | out: lpmodinfo=0x23988e8*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0102.306] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.306] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0102.307] CoTaskMemFree (pv=0x1b896730) [0102.307] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.307] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0102.307] CoTaskMemFree (pv=0x1b896730) [0102.307] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x239ab28, cb=0x18 | out: lpmodinfo=0x239ab28*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0102.308] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.308] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0102.308] CoTaskMemFree (pv=0x1b896730) [0102.308] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.308] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0102.309] CoTaskMemFree (pv=0x1b896730) [0102.309] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x239cd80, cb=0x18 | out: lpmodinfo=0x239cd80*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0102.310] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.310] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0102.311] CoTaskMemFree (pv=0x1b896730) [0102.311] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.311] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0102.311] CoTaskMemFree (pv=0x1b896730) [0102.311] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x239f010, cb=0x18 | out: lpmodinfo=0x239f010*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0102.312] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.312] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0102.313] CoTaskMemFree (pv=0x1b896730) [0102.313] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.313] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0102.313] CoTaskMemFree (pv=0x1b896730) [0102.313] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x23a1268, cb=0x18 | out: lpmodinfo=0x23a1268*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0102.322] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0102.323] CoTaskMemFree (pv=0x1b896730) [0102.323] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.323] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0102.324] CoTaskMemFree (pv=0x1b896730) [0102.324] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x23a3420, cb=0x18 | out: lpmodinfo=0x23a3420*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0102.325] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.325] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0102.326] CoTaskMemFree (pv=0x1b896730) [0102.326] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.326] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0102.326] CoTaskMemFree (pv=0x1b896730) [0102.326] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x23a55c8, cb=0x18 | out: lpmodinfo=0x23a55c8*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0102.333] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.333] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0102.334] CoTaskMemFree (pv=0x1b896730) [0102.334] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0102.335] CoTaskMemFree (pv=0x1b896730) [0102.335] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x23a7770, cb=0x18 | out: lpmodinfo=0x23a7770*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0102.336] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.336] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0102.337] CoTaskMemFree (pv=0x1b896730) [0102.337] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.337] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0102.338] CoTaskMemFree (pv=0x1b896730) [0102.338] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x23a9b30, cb=0x18 | out: lpmodinfo=0x23a9b30*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0102.339] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.339] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0102.340] CoTaskMemFree (pv=0x1b896730) [0102.340] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.340] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0102.341] CoTaskMemFree (pv=0x1b896730) [0102.341] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x23abcd8, cb=0x18 | out: lpmodinfo=0x23abcd8*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0102.342] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.342] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0102.342] CoTaskMemFree (pv=0x1b896730) [0102.342] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.342] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0102.343] CoTaskMemFree (pv=0x1b896730) [0102.343] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x23ade80, cb=0x18 | out: lpmodinfo=0x23ade80*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0102.344] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.344] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0102.344] CoTaskMemFree (pv=0x1b896730) [0102.344] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.345] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0102.345] CoTaskMemFree (pv=0x1b896730) [0102.345] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x23b0068, cb=0x18 | out: lpmodinfo=0x23b0068*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0102.346] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.346] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0102.346] CoTaskMemFree (pv=0x1b896730) [0102.347] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.347] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0102.348] CoTaskMemFree (pv=0x1b896730) [0102.348] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x23b2220, cb=0x18 | out: lpmodinfo=0x23b2220*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0102.348] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.349] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0102.349] CoTaskMemFree (pv=0x1b896730) [0102.349] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.349] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0102.350] CoTaskMemFree (pv=0x1b896730) [0102.350] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x23b43b8, cb=0x18 | out: lpmodinfo=0x23b43b8*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0102.390] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.390] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0102.391] CoTaskMemFree (pv=0x1b896730) [0102.391] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.391] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0102.402] CoTaskMemFree (pv=0x1b896730) [0102.402] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x23b6570, cb=0x18 | out: lpmodinfo=0x23b6570*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0102.402] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.402] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0102.403] CoTaskMemFree (pv=0x1b896730) [0102.403] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.403] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0102.404] CoTaskMemFree (pv=0x1b896730) [0102.404] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x23b8728, cb=0x18 | out: lpmodinfo=0x23b8728*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0102.405] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.405] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0102.405] CoTaskMemFree (pv=0x1b896730) [0102.406] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.406] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0102.406] CoTaskMemFree (pv=0x1b896730) [0102.406] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x23ba8d0, cb=0x18 | out: lpmodinfo=0x23ba8d0*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0102.407] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.407] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0102.408] CoTaskMemFree (pv=0x1b896730) [0102.408] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.408] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0102.408] CoTaskMemFree (pv=0x1b896730) [0102.408] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x23bca88, cb=0x18 | out: lpmodinfo=0x23bca88*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0102.409] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.409] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0102.410] CoTaskMemFree (pv=0x1b896730) [0102.410] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0102.411] CoTaskMemFree (pv=0x1b896730) [0102.411] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x23bec50, cb=0x18 | out: lpmodinfo=0x23bec50*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0102.412] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.412] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0102.413] CoTaskMemFree (pv=0x1b896730) [0102.413] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.413] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0102.414] CoTaskMemFree (pv=0x1b896730) [0102.414] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x23c0df8, cb=0x18 | out: lpmodinfo=0x23c0df8*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0102.414] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.414] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0102.416] CoTaskMemFree (pv=0x1b896730) [0102.416] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.416] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0102.416] CoTaskMemFree (pv=0x1b896730) [0102.416] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x23c2fb0, cb=0x18 | out: lpmodinfo=0x23c2fb0*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0102.417] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.417] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0102.418] CoTaskMemFree (pv=0x1b896730) [0102.418] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.418] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0102.419] CoTaskMemFree (pv=0x1b896730) [0102.419] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x23c5158, cb=0x18 | out: lpmodinfo=0x23c5158*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0102.420] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.420] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0102.451] CoTaskMemFree (pv=0x1b896730) [0102.451] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.451] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0102.452] CoTaskMemFree (pv=0x1b896730) [0102.452] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x23c7300, cb=0x18 | out: lpmodinfo=0x23c7300*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0102.453] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.453] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0102.454] CoTaskMemFree (pv=0x1b896730) [0102.454] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.454] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0102.455] CoTaskMemFree (pv=0x1b896730) [0102.455] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x23c94a8, cb=0x18 | out: lpmodinfo=0x23c94a8*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0102.456] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.456] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0102.460] CoTaskMemFree (pv=0x1b896730) [0102.460] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.460] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0102.461] CoTaskMemFree (pv=0x1b896730) [0102.461] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x23cb660, cb=0x18 | out: lpmodinfo=0x23cb660*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0102.462] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.462] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0102.463] CoTaskMemFree (pv=0x1b896730) [0102.463] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.463] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0102.464] CoTaskMemFree (pv=0x1b896730) [0102.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x23cd818, cb=0x18 | out: lpmodinfo=0x23cd818*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0102.466] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.467] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0102.467] CoTaskMemFree (pv=0x1b896730) [0102.467] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0102.468] CoTaskMemFree (pv=0x1b896730) [0102.468] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x23cf9c0, cb=0x18 | out: lpmodinfo=0x23cf9c0*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0102.470] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.470] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0102.471] CoTaskMemFree (pv=0x1b896730) [0102.471] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.471] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0102.473] CoTaskMemFree (pv=0x1b896730) [0102.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x23d1b68, cb=0x18 | out: lpmodinfo=0x23d1b68*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0102.474] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.474] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0102.475] CoTaskMemFree (pv=0x1b896730) [0102.475] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.475] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0102.476] CoTaskMemFree (pv=0x1b896730) [0102.476] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x23d3d10, cb=0x18 | out: lpmodinfo=0x23d3d10*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0102.477] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.478] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0102.479] CoTaskMemFree (pv=0x1b896730) [0102.479] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0102.480] CoTaskMemFree (pv=0x1b896730) [0102.480] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x23d5ec8, cb=0x18 | out: lpmodinfo=0x23d5ec8*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0102.481] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.481] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0102.482] CoTaskMemFree (pv=0x1b896730) [0102.482] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.482] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0102.484] CoTaskMemFree (pv=0x1b896730) [0102.484] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x23d8070, cb=0x18 | out: lpmodinfo=0x23d8070*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0102.486] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.486] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0102.489] CoTaskMemFree (pv=0x1b896730) [0102.489] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.489] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0102.490] CoTaskMemFree (pv=0x1b896730) [0102.490] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x23da218, cb=0x18 | out: lpmodinfo=0x23da218*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0102.491] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.491] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0102.492] CoTaskMemFree (pv=0x1b896730) [0102.493] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.493] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0102.494] CoTaskMemFree (pv=0x1b896730) [0102.494] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x23dc3e0, cb=0x18 | out: lpmodinfo=0x23dc3e0*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0102.495] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.496] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0102.497] CoTaskMemFree (pv=0x1b896730) [0102.497] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.497] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0102.498] CoTaskMemFree (pv=0x1b896730) [0102.498] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x23de588, cb=0x18 | out: lpmodinfo=0x23de588*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0102.500] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.500] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0102.501] CoTaskMemFree (pv=0x1b896730) [0102.501] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.501] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0102.502] CoTaskMemFree (pv=0x1b896730) [0102.503] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x23e0730, cb=0x18 | out: lpmodinfo=0x23e0730*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0102.504] CoTaskMemAlloc (cb=0x804) returned 0x1b896730 [0102.504] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0102.505] CoTaskMemFree (pv=0x1b896730) [0102.506] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0102.507] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x23e28e8, cb=0x18 | out: lpmodinfo=0x23e28e8*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0102.508] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0102.510] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0102.511] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x23e4b58, cb=0x18 | out: lpmodinfo=0x23e4b58*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0102.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0102.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0102.515] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x23e6de8, cb=0x18 | out: lpmodinfo=0x23e6de8*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0102.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0102.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0102.519] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x23e8f90, cb=0x18 | out: lpmodinfo=0x23e8f90*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0102.520] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0102.522] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0102.523] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x23eb200, cb=0x18 | out: lpmodinfo=0x23eb200*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0102.524] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x1b896730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0102.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x1b896730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0102.527] CloseHandle (hObject=0x260) returned 1 [0102.598] GetCurrentProcessId () returned 0x13e0 [0102.598] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0102.598] EnumProcessModules (in: hProcess=0x260, lphModule=0x2534770, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x2534770, lpcbNeeded=0x14dab8) returned 1 [0102.600] EnumProcessModules (in: hProcess=0x260, lphModule=0x2534988, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x2534988, lpcbNeeded=0x14dab8) returned 1 [0102.601] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x2534df8, cb=0x18 | out: lpmodinfo=0x2534df8*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0102.601] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0102.601] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0102.602] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x25370d8, cb=0x18 | out: lpmodinfo=0x25370d8*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0102.602] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0102.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0102.602] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x2539280, cb=0x18 | out: lpmodinfo=0x2539280*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0102.603] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0102.603] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0102.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x253b428, cb=0x18 | out: lpmodinfo=0x253b428*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0102.603] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0102.604] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0102.604] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x253d5e0, cb=0x18 | out: lpmodinfo=0x253d5e0*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0102.604] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0102.604] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0102.605] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x253f7f0, cb=0x18 | out: lpmodinfo=0x253f7f0*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0102.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0102.605] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0102.605] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x2541998, cb=0x18 | out: lpmodinfo=0x2541998*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0102.606] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0102.607] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0102.607] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2543b50, cb=0x18 | out: lpmodinfo=0x2543b50*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0102.607] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0102.607] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0102.608] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x2545cf8, cb=0x18 | out: lpmodinfo=0x2545cf8*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0102.608] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0102.609] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0102.609] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x2547f38, cb=0x18 | out: lpmodinfo=0x2547f38*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0102.609] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0102.610] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0102.610] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x254a0e0, cb=0x18 | out: lpmodinfo=0x254a0e0*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0102.611] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0102.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0102.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x254c2d0, cb=0x18 | out: lpmodinfo=0x254c2d0*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0102.612] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0102.612] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0102.613] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x254e478, cb=0x18 | out: lpmodinfo=0x254e478*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0102.613] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0102.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0102.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x2550620, cb=0x18 | out: lpmodinfo=0x2550620*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0102.614] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0102.615] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0102.616] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x25527f8, cb=0x18 | out: lpmodinfo=0x25527f8*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0102.616] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0102.617] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0102.617] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x25549a0, cb=0x18 | out: lpmodinfo=0x25549a0*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0102.617] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0102.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0102.619] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2556b48, cb=0x18 | out: lpmodinfo=0x2556b48*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0102.619] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0102.620] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0102.620] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x2558e08, cb=0x18 | out: lpmodinfo=0x2558e08*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0102.621] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0102.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0102.622] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x255afd0, cb=0x18 | out: lpmodinfo=0x255afd0*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0102.622] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0102.623] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0102.623] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x255d178, cb=0x18 | out: lpmodinfo=0x255d178*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0102.624] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0102.624] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0102.625] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x255f348, cb=0x18 | out: lpmodinfo=0x255f348*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0102.625] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0102.626] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0102.627] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x2561520, cb=0x18 | out: lpmodinfo=0x2561520*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0102.627] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0102.629] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0102.629] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x2563768, cb=0x18 | out: lpmodinfo=0x2563768*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0102.630] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0102.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0102.631] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x2565910, cb=0x18 | out: lpmodinfo=0x2565910*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0102.632] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0102.632] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0102.633] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x2567af0, cb=0x18 | out: lpmodinfo=0x2567af0*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0102.634] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0102.634] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0102.635] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x2569ca8, cb=0x18 | out: lpmodinfo=0x2569ca8*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0102.635] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0102.636] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0102.637] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x256bee8, cb=0x18 | out: lpmodinfo=0x256bee8*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0102.637] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0102.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0102.640] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x256e140, cb=0x18 | out: lpmodinfo=0x256e140*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0102.641] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0102.641] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0102.642] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x25703d0, cb=0x18 | out: lpmodinfo=0x25703d0*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0102.643] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0102.644] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0102.645] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x2572628, cb=0x18 | out: lpmodinfo=0x2572628*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0102.645] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0102.646] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0102.647] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x25747e0, cb=0x18 | out: lpmodinfo=0x25747e0*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0102.648] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0102.648] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0102.649] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x2576988, cb=0x18 | out: lpmodinfo=0x2576988*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0102.650] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0102.651] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0102.651] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x2578b30, cb=0x18 | out: lpmodinfo=0x2578b30*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0102.652] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0102.653] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0102.654] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x257aef0, cb=0x18 | out: lpmodinfo=0x257aef0*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0102.654] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0102.655] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0102.656] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x257d098, cb=0x18 | out: lpmodinfo=0x257d098*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0102.657] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0102.658] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0102.658] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x257f240, cb=0x18 | out: lpmodinfo=0x257f240*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0102.660] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0102.661] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0102.662] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x2581428, cb=0x18 | out: lpmodinfo=0x2581428*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0102.663] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0102.664] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0102.665] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x25835e0, cb=0x18 | out: lpmodinfo=0x25835e0*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0102.675] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0102.677] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0102.678] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x2585778, cb=0x18 | out: lpmodinfo=0x2585778*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0102.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0102.680] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0102.680] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x2587930, cb=0x18 | out: lpmodinfo=0x2587930*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0102.681] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0102.682] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0102.683] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x2589ae8, cb=0x18 | out: lpmodinfo=0x2589ae8*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0102.684] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0102.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0102.686] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x258bc90, cb=0x18 | out: lpmodinfo=0x258bc90*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0102.688] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0102.689] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0102.690] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x258de48, cb=0x18 | out: lpmodinfo=0x258de48*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0102.691] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0102.692] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0102.693] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2590010, cb=0x18 | out: lpmodinfo=0x2590010*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0102.694] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0102.695] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0102.696] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x25921b8, cb=0x18 | out: lpmodinfo=0x25921b8*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0102.697] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0102.699] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0102.700] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x2594370, cb=0x18 | out: lpmodinfo=0x2594370*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0102.701] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0102.702] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0102.703] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x2596518, cb=0x18 | out: lpmodinfo=0x2596518*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0102.704] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0102.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0102.706] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x25986c0, cb=0x18 | out: lpmodinfo=0x25986c0*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0102.707] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0102.708] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0102.710] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x259a868, cb=0x18 | out: lpmodinfo=0x259a868*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0102.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0102.712] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0102.713] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x259ca20, cb=0x18 | out: lpmodinfo=0x259ca20*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0102.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0102.746] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0102.747] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x259ebd8, cb=0x18 | out: lpmodinfo=0x259ebd8*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0102.748] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0102.749] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0102.751] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x25a0d80, cb=0x18 | out: lpmodinfo=0x25a0d80*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0102.752] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0102.754] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0102.755] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x25a2f28, cb=0x18 | out: lpmodinfo=0x25a2f28*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0102.756] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0102.757] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0102.758] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x25a50d0, cb=0x18 | out: lpmodinfo=0x25a50d0*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0102.760] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0102.761] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0102.762] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x25a7288, cb=0x18 | out: lpmodinfo=0x25a7288*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0102.765] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0102.767] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0102.768] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x25a9430, cb=0x18 | out: lpmodinfo=0x25a9430*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0102.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0102.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0102.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x25ab5d8, cb=0x18 | out: lpmodinfo=0x25ab5d8*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0102.773] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0102.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0102.775] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x25ad7a0, cb=0x18 | out: lpmodinfo=0x25ad7a0*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0102.776] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0102.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0102.778] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x25af948, cb=0x18 | out: lpmodinfo=0x25af948*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0102.780] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0102.781] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0102.782] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x25b1af0, cb=0x18 | out: lpmodinfo=0x25b1af0*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0102.784] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0102.785] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0102.786] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x25b3ca8, cb=0x18 | out: lpmodinfo=0x25b3ca8*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0102.787] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0102.788] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0102.789] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x25b5f18, cb=0x18 | out: lpmodinfo=0x25b5f18*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0102.791] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0102.792] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0102.793] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x25b81a8, cb=0x18 | out: lpmodinfo=0x25b81a8*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0102.794] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0102.796] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0102.797] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x25ba350, cb=0x18 | out: lpmodinfo=0x25ba350*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0102.798] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0102.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0102.801] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x25bc5c0, cb=0x18 | out: lpmodinfo=0x25bc5c0*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0102.802] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0102.803] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0102.805] CloseHandle (hObject=0x260) returned 1 [0102.821] GetCurrentProcessId () returned 0x13e0 [0102.821] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0102.821] EnumProcessModules (in: hProcess=0x260, lphModule=0x22f1ba8, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x22f1ba8, lpcbNeeded=0x14dab8) returned 1 [0102.822] EnumProcessModules (in: hProcess=0x260, lphModule=0x22f1dc0, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x22f1dc0, lpcbNeeded=0x14dab8) returned 1 [0102.823] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x22f2230, cb=0x18 | out: lpmodinfo=0x22f2230*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0102.824] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0102.824] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0102.824] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x22f4510, cb=0x18 | out: lpmodinfo=0x22f4510*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0102.824] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0102.824] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0102.824] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x22f66b8, cb=0x18 | out: lpmodinfo=0x22f66b8*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0102.825] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0102.825] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0102.825] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x22f8860, cb=0x18 | out: lpmodinfo=0x22f8860*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0102.825] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0102.825] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0102.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x22faa18, cb=0x18 | out: lpmodinfo=0x22faa18*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0102.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0102.826] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0102.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x22fcc28, cb=0x18 | out: lpmodinfo=0x22fcc28*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0102.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0102.827] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0102.827] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x22fedd0, cb=0x18 | out: lpmodinfo=0x22fedd0*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0102.827] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0102.828] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0102.828] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2300f88, cb=0x18 | out: lpmodinfo=0x2300f88*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0102.828] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0102.828] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0102.829] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x2303130, cb=0x18 | out: lpmodinfo=0x2303130*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0102.829] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0102.829] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0102.830] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x2305370, cb=0x18 | out: lpmodinfo=0x2305370*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0102.830] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0102.830] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0102.830] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x2307518, cb=0x18 | out: lpmodinfo=0x2307518*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0102.831] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0102.831] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0102.832] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x2309708, cb=0x18 | out: lpmodinfo=0x2309708*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0102.832] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0102.832] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0102.832] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x230b8b0, cb=0x18 | out: lpmodinfo=0x230b8b0*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0102.833] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0102.833] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0102.834] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x230da58, cb=0x18 | out: lpmodinfo=0x230da58*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0102.834] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0102.834] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0102.835] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x230fc30, cb=0x18 | out: lpmodinfo=0x230fc30*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0102.835] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0102.836] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0102.836] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x2311dd8, cb=0x18 | out: lpmodinfo=0x2311dd8*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0102.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0102.837] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0102.841] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x2313f80, cb=0x18 | out: lpmodinfo=0x2313f80*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0102.841] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0102.842] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0102.873] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x2316240, cb=0x18 | out: lpmodinfo=0x2316240*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0102.873] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0102.874] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0102.874] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x2318408, cb=0x18 | out: lpmodinfo=0x2318408*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0102.875] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0102.875] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0102.876] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x231a5b0, cb=0x18 | out: lpmodinfo=0x231a5b0*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0102.876] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0102.876] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0102.877] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x231c780, cb=0x18 | out: lpmodinfo=0x231c780*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0102.877] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0102.878] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0102.878] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x231e958, cb=0x18 | out: lpmodinfo=0x231e958*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0102.879] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0102.879] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0102.880] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x2320ba0, cb=0x18 | out: lpmodinfo=0x2320ba0*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0102.880] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0102.880] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0102.881] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x2322d48, cb=0x18 | out: lpmodinfo=0x2322d48*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0102.881] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0102.882] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0102.883] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x2324f28, cb=0x18 | out: lpmodinfo=0x2324f28*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0102.913] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0102.914] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0102.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x23270e0, cb=0x18 | out: lpmodinfo=0x23270e0*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0102.915] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0102.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0102.916] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x2329320, cb=0x18 | out: lpmodinfo=0x2329320*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0102.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0102.917] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0102.918] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x232b578, cb=0x18 | out: lpmodinfo=0x232b578*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0102.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0102.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0102.920] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x232d808, cb=0x18 | out: lpmodinfo=0x232d808*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0102.920] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0102.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0102.921] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x232fa60, cb=0x18 | out: lpmodinfo=0x232fa60*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0102.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0102.923] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0102.923] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x2331c18, cb=0x18 | out: lpmodinfo=0x2331c18*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0102.924] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0102.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0102.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x2333dc0, cb=0x18 | out: lpmodinfo=0x2333dc0*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0102.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0102.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0102.927] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x2335f68, cb=0x18 | out: lpmodinfo=0x2335f68*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0102.928] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0102.929] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0102.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x2338328, cb=0x18 | out: lpmodinfo=0x2338328*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0102.930] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0102.930] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0102.931] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x233a4d0, cb=0x18 | out: lpmodinfo=0x233a4d0*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0102.932] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0102.932] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0102.933] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x233c678, cb=0x18 | out: lpmodinfo=0x233c678*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0102.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0102.935] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0102.935] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x233e860, cb=0x18 | out: lpmodinfo=0x233e860*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0102.936] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0102.937] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0102.937] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x2340a18, cb=0x18 | out: lpmodinfo=0x2340a18*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0102.938] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0102.939] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0102.940] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x2342bb0, cb=0x18 | out: lpmodinfo=0x2342bb0*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0102.940] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0102.941] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0102.942] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x2344d68, cb=0x18 | out: lpmodinfo=0x2344d68*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0102.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0102.943] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0102.945] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x2346f20, cb=0x18 | out: lpmodinfo=0x2346f20*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0102.946] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0102.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0102.948] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x23490c8, cb=0x18 | out: lpmodinfo=0x23490c8*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0102.948] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0102.949] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0102.950] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x234b280, cb=0x18 | out: lpmodinfo=0x234b280*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0102.951] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0102.951] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0102.952] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x234d448, cb=0x18 | out: lpmodinfo=0x234d448*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0102.953] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0102.954] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0102.955] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x234f5f0, cb=0x18 | out: lpmodinfo=0x234f5f0*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0102.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0102.957] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0102.957] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x23517a8, cb=0x18 | out: lpmodinfo=0x23517a8*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0102.958] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0102.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0102.960] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x2353950, cb=0x18 | out: lpmodinfo=0x2353950*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0102.961] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0102.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0102.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x2355af8, cb=0x18 | out: lpmodinfo=0x2355af8*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0102.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0102.965] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0102.966] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x2357ca0, cb=0x18 | out: lpmodinfo=0x2357ca0*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0102.967] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0102.968] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0102.969] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2359e58, cb=0x18 | out: lpmodinfo=0x2359e58*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0102.970] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0102.970] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0102.971] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x235c010, cb=0x18 | out: lpmodinfo=0x235c010*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0102.972] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0102.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0102.974] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x235e1b8, cb=0x18 | out: lpmodinfo=0x235e1b8*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0102.975] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0102.976] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0102.976] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x2360360, cb=0x18 | out: lpmodinfo=0x2360360*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0102.977] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0102.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0102.979] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x2362508, cb=0x18 | out: lpmodinfo=0x2362508*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0102.980] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0102.981] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0102.982] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x23646c0, cb=0x18 | out: lpmodinfo=0x23646c0*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0102.982] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0102.983] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0102.984] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x2366868, cb=0x18 | out: lpmodinfo=0x2366868*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0102.985] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0102.986] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0102.987] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2368a10, cb=0x18 | out: lpmodinfo=0x2368a10*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0102.988] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0102.989] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0102.990] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x236abd8, cb=0x18 | out: lpmodinfo=0x236abd8*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0102.991] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0102.992] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0102.993] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x236cd80, cb=0x18 | out: lpmodinfo=0x236cd80*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0102.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0102.995] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0102.996] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x236ef28, cb=0x18 | out: lpmodinfo=0x236ef28*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0102.997] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0102.998] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0103.000] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x23710e0, cb=0x18 | out: lpmodinfo=0x23710e0*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0103.001] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0103.002] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0103.003] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x2373350, cb=0x18 | out: lpmodinfo=0x2373350*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0103.004] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0103.005] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0103.006] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x23755e0, cb=0x18 | out: lpmodinfo=0x23755e0*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0103.007] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0103.008] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0103.009] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x2377788, cb=0x18 | out: lpmodinfo=0x2377788*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0103.011] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0103.012] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0103.013] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x23799f8, cb=0x18 | out: lpmodinfo=0x23799f8*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0103.014] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0103.015] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0103.047] CloseHandle (hObject=0x260) returned 1 [0103.057] GetCurrentProcessId () returned 0x13e0 [0103.057] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0103.057] EnumProcessModules (in: hProcess=0x260, lphModule=0x24c3988, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x24c3988, lpcbNeeded=0x14dab8) returned 1 [0103.059] EnumProcessModules (in: hProcess=0x260, lphModule=0x24c3ba0, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x24c3ba0, lpcbNeeded=0x14dab8) returned 1 [0103.060] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x24c4010, cb=0x18 | out: lpmodinfo=0x24c4010*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0103.060] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0103.060] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0103.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x24c62f0, cb=0x18 | out: lpmodinfo=0x24c62f0*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0103.061] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0103.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0103.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x24c8498, cb=0x18 | out: lpmodinfo=0x24c8498*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0103.061] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0103.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0103.062] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x24ca640, cb=0x18 | out: lpmodinfo=0x24ca640*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0103.062] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0103.062] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0103.062] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x24cc7f8, cb=0x18 | out: lpmodinfo=0x24cc7f8*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0103.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0103.063] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0103.063] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x24cea08, cb=0x18 | out: lpmodinfo=0x24cea08*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0103.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0103.063] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0103.064] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x24d0bb0, cb=0x18 | out: lpmodinfo=0x24d0bb0*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0103.064] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0103.064] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0103.064] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x24d2d68, cb=0x18 | out: lpmodinfo=0x24d2d68*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0103.065] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0103.065] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0103.065] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x24d4f10, cb=0x18 | out: lpmodinfo=0x24d4f10*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0103.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0103.066] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0103.066] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x24d7150, cb=0x18 | out: lpmodinfo=0x24d7150*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0103.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0103.067] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0103.067] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x24d92f8, cb=0x18 | out: lpmodinfo=0x24d92f8*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0103.067] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0103.068] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0103.068] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x24db4e8, cb=0x18 | out: lpmodinfo=0x24db4e8*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0103.069] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0103.069] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0103.069] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x24dd690, cb=0x18 | out: lpmodinfo=0x24dd690*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0103.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0103.070] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0103.071] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x24df838, cb=0x18 | out: lpmodinfo=0x24df838*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0103.071] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0103.072] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0103.072] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x24e1a10, cb=0x18 | out: lpmodinfo=0x24e1a10*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0103.072] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0103.073] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0103.073] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x24e3bb8, cb=0x18 | out: lpmodinfo=0x24e3bb8*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0103.074] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0103.074] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0103.075] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x24e5d60, cb=0x18 | out: lpmodinfo=0x24e5d60*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0103.075] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0103.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0103.076] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x24e8020, cb=0x18 | out: lpmodinfo=0x24e8020*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0103.076] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0103.077] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0103.077] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x24ea1e8, cb=0x18 | out: lpmodinfo=0x24ea1e8*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0103.078] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0103.079] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0103.079] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x24ec390, cb=0x18 | out: lpmodinfo=0x24ec390*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0103.080] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0103.098] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0103.099] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x21c7b70, cb=0x18 | out: lpmodinfo=0x21c7b70*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0103.099] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0103.100] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0103.101] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x21c9d48, cb=0x18 | out: lpmodinfo=0x21c9d48*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0103.101] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0103.102] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0103.102] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x21cbf90, cb=0x18 | out: lpmodinfo=0x21cbf90*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0103.103] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0103.103] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0103.104] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x21ce138, cb=0x18 | out: lpmodinfo=0x21ce138*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0103.104] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0103.105] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0103.106] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x21d0318, cb=0x18 | out: lpmodinfo=0x21d0318*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0103.106] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0103.107] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0103.107] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x21d24d0, cb=0x18 | out: lpmodinfo=0x21d24d0*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0103.108] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0103.108] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0103.109] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x21d4710, cb=0x18 | out: lpmodinfo=0x21d4710*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0103.110] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0103.110] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0103.111] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x21d6968, cb=0x18 | out: lpmodinfo=0x21d6968*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0103.112] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0103.112] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0103.113] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x21d8bf8, cb=0x18 | out: lpmodinfo=0x21d8bf8*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0103.114] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0103.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0103.115] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x21dae50, cb=0x18 | out: lpmodinfo=0x21dae50*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0103.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0103.116] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0103.117] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x21dd008, cb=0x18 | out: lpmodinfo=0x21dd008*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0103.117] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0103.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0103.120] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x21df1b0, cb=0x18 | out: lpmodinfo=0x21df1b0*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0103.121] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0103.122] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0103.122] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x21e1358, cb=0x18 | out: lpmodinfo=0x21e1358*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0103.123] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0103.124] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0103.124] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x21e3718, cb=0x18 | out: lpmodinfo=0x21e3718*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0103.125] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0103.126] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0103.127] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x21e58c0, cb=0x18 | out: lpmodinfo=0x21e58c0*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0103.127] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0103.128] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0103.129] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x21e7a68, cb=0x18 | out: lpmodinfo=0x21e7a68*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0103.130] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0103.130] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0103.131] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x21e9c50, cb=0x18 | out: lpmodinfo=0x21e9c50*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0103.132] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0103.133] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0103.134] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x21ebe08, cb=0x18 | out: lpmodinfo=0x21ebe08*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0103.135] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0103.135] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0103.136] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x21edfa0, cb=0x18 | out: lpmodinfo=0x21edfa0*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0103.137] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0103.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0103.138] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x21f0158, cb=0x18 | out: lpmodinfo=0x21f0158*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0103.139] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0103.140] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0103.140] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x21f2310, cb=0x18 | out: lpmodinfo=0x21f2310*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0103.141] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0103.142] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0103.143] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x21f44b8, cb=0x18 | out: lpmodinfo=0x21f44b8*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0103.144] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0103.144] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0103.145] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x21f6670, cb=0x18 | out: lpmodinfo=0x21f6670*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0103.156] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0103.157] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0103.158] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x21f8838, cb=0x18 | out: lpmodinfo=0x21f8838*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0103.159] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0103.160] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0103.161] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x21fa9e0, cb=0x18 | out: lpmodinfo=0x21fa9e0*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0103.162] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0103.194] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0103.195] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x21fcb98, cb=0x18 | out: lpmodinfo=0x21fcb98*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0103.196] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0103.197] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0103.198] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x21fed40, cb=0x18 | out: lpmodinfo=0x21fed40*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0103.199] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0103.212] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0103.213] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x2200ee8, cb=0x18 | out: lpmodinfo=0x2200ee8*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0103.214] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0103.217] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0103.218] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x2203090, cb=0x18 | out: lpmodinfo=0x2203090*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0103.219] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0103.221] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0103.222] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2205248, cb=0x18 | out: lpmodinfo=0x2205248*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0103.224] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0103.225] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0103.226] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x2207400, cb=0x18 | out: lpmodinfo=0x2207400*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0103.227] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0103.228] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0103.229] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x22095a8, cb=0x18 | out: lpmodinfo=0x22095a8*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0103.231] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0103.232] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0103.233] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x220b750, cb=0x18 | out: lpmodinfo=0x220b750*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0103.234] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0103.235] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0103.236] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x220d8f8, cb=0x18 | out: lpmodinfo=0x220d8f8*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0103.237] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0103.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0103.240] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x220fab0, cb=0x18 | out: lpmodinfo=0x220fab0*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0103.241] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0103.242] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0103.243] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x2211c58, cb=0x18 | out: lpmodinfo=0x2211c58*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0103.244] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0103.245] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0103.247] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2213e00, cb=0x18 | out: lpmodinfo=0x2213e00*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0103.248] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0103.313] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0103.314] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x2215fc8, cb=0x18 | out: lpmodinfo=0x2215fc8*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0103.315] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0103.316] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0103.317] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x2218170, cb=0x18 | out: lpmodinfo=0x2218170*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0103.319] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0103.320] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0103.321] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x221a318, cb=0x18 | out: lpmodinfo=0x221a318*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0103.323] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0103.324] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0103.325] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x221c4d0, cb=0x18 | out: lpmodinfo=0x221c4d0*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0103.326] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0103.327] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0103.329] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x221e740, cb=0x18 | out: lpmodinfo=0x221e740*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0103.330] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0103.331] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0103.333] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x22209d0, cb=0x18 | out: lpmodinfo=0x22209d0*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0103.334] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0103.335] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0103.336] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x2222b78, cb=0x18 | out: lpmodinfo=0x2222b78*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0103.338] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0103.339] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0103.340] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x2224de8, cb=0x18 | out: lpmodinfo=0x2224de8*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0103.342] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0103.343] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0103.345] CloseHandle (hObject=0x260) returned 1 [0103.369] GetCurrentProcessId () returned 0x13e0 [0103.369] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0103.369] EnumProcessModules (in: hProcess=0x260, lphModule=0x23191e8, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x23191e8, lpcbNeeded=0x14dab8) returned 1 [0103.370] EnumProcessModules (in: hProcess=0x260, lphModule=0x2319400, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x2319400, lpcbNeeded=0x14dab8) returned 1 [0103.372] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x2319870, cb=0x18 | out: lpmodinfo=0x2319870*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0103.372] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.372] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0103.372] CoTaskMemFree (pv=0x584730) [0103.372] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.372] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0103.372] CoTaskMemFree (pv=0x584730) [0103.372] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x231bb50, cb=0x18 | out: lpmodinfo=0x231bb50*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0103.373] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.373] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0103.373] CoTaskMemFree (pv=0x584730) [0103.373] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.373] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0103.373] CoTaskMemFree (pv=0x584730) [0103.373] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x231dcf8, cb=0x18 | out: lpmodinfo=0x231dcf8*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0103.373] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.373] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0103.374] CoTaskMemFree (pv=0x584730) [0103.374] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.374] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0103.374] CoTaskMemFree (pv=0x584730) [0103.374] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x231fea0, cb=0x18 | out: lpmodinfo=0x231fea0*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0103.374] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.374] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0103.375] CoTaskMemFree (pv=0x584730) [0103.375] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.375] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0103.375] CoTaskMemFree (pv=0x584730) [0103.375] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x2322058, cb=0x18 | out: lpmodinfo=0x2322058*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0103.375] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.375] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0103.375] CoTaskMemFree (pv=0x584730) [0103.375] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.375] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0103.375] CoTaskMemFree (pv=0x584730) [0103.376] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x2324268, cb=0x18 | out: lpmodinfo=0x2324268*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0103.376] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.376] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0103.376] CoTaskMemFree (pv=0x584730) [0103.376] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.376] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0103.407] CoTaskMemFree (pv=0x584730) [0103.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x2326410, cb=0x18 | out: lpmodinfo=0x2326410*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0103.407] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.407] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0103.408] CoTaskMemFree (pv=0x584730) [0103.408] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.408] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0103.408] CoTaskMemFree (pv=0x584730) [0103.408] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x23285c8, cb=0x18 | out: lpmodinfo=0x23285c8*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0103.409] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.409] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0103.409] CoTaskMemFree (pv=0x584730) [0103.409] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.409] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0103.409] CoTaskMemFree (pv=0x584730) [0103.409] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x232a770, cb=0x18 | out: lpmodinfo=0x232a770*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0103.410] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0103.410] CoTaskMemFree (pv=0x584730) [0103.410] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0103.411] CoTaskMemFree (pv=0x584730) [0103.411] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x232c9b0, cb=0x18 | out: lpmodinfo=0x232c9b0*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0103.411] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.411] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0103.411] CoTaskMemFree (pv=0x584730) [0103.411] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.411] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0103.412] CoTaskMemFree (pv=0x584730) [0103.412] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x232eb58, cb=0x18 | out: lpmodinfo=0x232eb58*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0103.412] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.412] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0103.412] CoTaskMemFree (pv=0x584730) [0103.412] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.412] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0103.413] CoTaskMemFree (pv=0x584730) [0103.413] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x2330d48, cb=0x18 | out: lpmodinfo=0x2330d48*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0103.413] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.413] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0103.414] CoTaskMemFree (pv=0x584730) [0103.414] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.414] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0103.414] CoTaskMemFree (pv=0x584730) [0103.414] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x2332ef0, cb=0x18 | out: lpmodinfo=0x2332ef0*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0103.414] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.414] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0103.416] CoTaskMemFree (pv=0x584730) [0103.416] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.416] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0103.416] CoTaskMemFree (pv=0x584730) [0103.416] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x2335098, cb=0x18 | out: lpmodinfo=0x2335098*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0103.416] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.416] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0103.417] CoTaskMemFree (pv=0x584730) [0103.417] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.417] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0103.417] CoTaskMemFree (pv=0x584730) [0103.417] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x2337270, cb=0x18 | out: lpmodinfo=0x2337270*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0103.419] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.419] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0103.419] CoTaskMemFree (pv=0x584730) [0103.419] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.419] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0103.420] CoTaskMemFree (pv=0x584730) [0103.420] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x2339418, cb=0x18 | out: lpmodinfo=0x2339418*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0103.420] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.420] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0103.420] CoTaskMemFree (pv=0x584730) [0103.420] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.420] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0103.421] CoTaskMemFree (pv=0x584730) [0103.421] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x233b5c0, cb=0x18 | out: lpmodinfo=0x233b5c0*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0103.421] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.422] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0103.422] CoTaskMemFree (pv=0x584730) [0103.422] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.422] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0103.422] CoTaskMemFree (pv=0x584730) [0103.422] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x233d880, cb=0x18 | out: lpmodinfo=0x233d880*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0103.423] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.423] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0103.424] CoTaskMemFree (pv=0x584730) [0103.424] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.424] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0103.424] CoTaskMemFree (pv=0x584730) [0103.424] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x233fa48, cb=0x18 | out: lpmodinfo=0x233fa48*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0103.425] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.425] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0103.425] CoTaskMemFree (pv=0x584730) [0103.425] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.425] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0103.426] CoTaskMemFree (pv=0x584730) [0103.426] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x2341bf0, cb=0x18 | out: lpmodinfo=0x2341bf0*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0103.426] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.426] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0103.427] CoTaskMemFree (pv=0x584730) [0103.427] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.427] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0103.427] CoTaskMemFree (pv=0x584730) [0103.427] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x2343dc0, cb=0x18 | out: lpmodinfo=0x2343dc0*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0103.428] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.428] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0103.428] CoTaskMemFree (pv=0x584730) [0103.428] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.428] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0103.429] CoTaskMemFree (pv=0x584730) [0103.429] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x2345f98, cb=0x18 | out: lpmodinfo=0x2345f98*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0103.429] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.429] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0103.430] CoTaskMemFree (pv=0x584730) [0103.430] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.430] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0103.430] CoTaskMemFree (pv=0x584730) [0103.430] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x23481e0, cb=0x18 | out: lpmodinfo=0x23481e0*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0103.430] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.430] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0103.431] CoTaskMemFree (pv=0x584730) [0103.431] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.431] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0103.432] CoTaskMemFree (pv=0x584730) [0103.432] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x234a388, cb=0x18 | out: lpmodinfo=0x234a388*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0103.432] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.432] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0103.433] CoTaskMemFree (pv=0x584730) [0103.433] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.433] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0103.433] CoTaskMemFree (pv=0x584730) [0103.433] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x234c568, cb=0x18 | out: lpmodinfo=0x234c568*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0103.434] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.434] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0103.434] CoTaskMemFree (pv=0x584730) [0103.434] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.434] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0103.435] CoTaskMemFree (pv=0x584730) [0103.435] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x234e720, cb=0x18 | out: lpmodinfo=0x234e720*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0103.436] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.437] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0103.437] CoTaskMemFree (pv=0x584730) [0103.437] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.437] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0103.438] CoTaskMemFree (pv=0x584730) [0103.438] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x2350960, cb=0x18 | out: lpmodinfo=0x2350960*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0103.439] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.439] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0103.440] CoTaskMemFree (pv=0x584730) [0103.440] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.440] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0103.441] CoTaskMemFree (pv=0x584730) [0103.441] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x2352bb8, cb=0x18 | out: lpmodinfo=0x2352bb8*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0103.441] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.441] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0103.442] CoTaskMemFree (pv=0x584730) [0103.442] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.442] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0103.443] CoTaskMemFree (pv=0x584730) [0103.443] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x2354e48, cb=0x18 | out: lpmodinfo=0x2354e48*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0103.443] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0103.444] CoTaskMemFree (pv=0x584730) [0103.444] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.444] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0103.444] CoTaskMemFree (pv=0x584730) [0103.444] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x23570a0, cb=0x18 | out: lpmodinfo=0x23570a0*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0103.445] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.445] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0103.446] CoTaskMemFree (pv=0x584730) [0103.446] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.446] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0103.446] CoTaskMemFree (pv=0x584730) [0103.446] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x2359258, cb=0x18 | out: lpmodinfo=0x2359258*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0103.447] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.447] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0103.448] CoTaskMemFree (pv=0x584730) [0103.448] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.448] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0103.448] CoTaskMemFree (pv=0x584730) [0103.448] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x235b400, cb=0x18 | out: lpmodinfo=0x235b400*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0103.449] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.449] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0103.450] CoTaskMemFree (pv=0x584730) [0103.450] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.450] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0103.451] CoTaskMemFree (pv=0x584730) [0103.451] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x235d5a8, cb=0x18 | out: lpmodinfo=0x235d5a8*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0103.451] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.452] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0103.452] CoTaskMemFree (pv=0x584730) [0103.452] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.452] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0103.453] CoTaskMemFree (pv=0x584730) [0103.453] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x235f968, cb=0x18 | out: lpmodinfo=0x235f968*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0103.454] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.454] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0103.455] CoTaskMemFree (pv=0x584730) [0103.455] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.455] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0103.455] CoTaskMemFree (pv=0x584730) [0103.456] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x2361b10, cb=0x18 | out: lpmodinfo=0x2361b10*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0103.456] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.456] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0103.457] CoTaskMemFree (pv=0x584730) [0103.457] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.457] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0103.457] CoTaskMemFree (pv=0x584730) [0103.457] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x2363cb8, cb=0x18 | out: lpmodinfo=0x2363cb8*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0103.458] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.458] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0103.459] CoTaskMemFree (pv=0x584730) [0103.459] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.459] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0103.460] CoTaskMemFree (pv=0x584730) [0103.460] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x2365ea0, cb=0x18 | out: lpmodinfo=0x2365ea0*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0103.460] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.460] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0103.461] CoTaskMemFree (pv=0x584730) [0103.461] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.461] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0103.462] CoTaskMemFree (pv=0x584730) [0103.462] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x2368058, cb=0x18 | out: lpmodinfo=0x2368058*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0103.464] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.464] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0103.465] CoTaskMemFree (pv=0x584730) [0103.465] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.465] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0103.465] CoTaskMemFree (pv=0x584730) [0103.465] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x236a1f0, cb=0x18 | out: lpmodinfo=0x236a1f0*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0103.466] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.466] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0103.467] CoTaskMemFree (pv=0x584730) [0103.467] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0103.468] CoTaskMemFree (pv=0x584730) [0103.468] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x236c3a8, cb=0x18 | out: lpmodinfo=0x236c3a8*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0103.469] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.469] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0103.470] CoTaskMemFree (pv=0x584730) [0103.470] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.470] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0103.471] CoTaskMemFree (pv=0x584730) [0103.471] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x236e560, cb=0x18 | out: lpmodinfo=0x236e560*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0103.472] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.472] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0103.473] CoTaskMemFree (pv=0x584730) [0103.473] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.473] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0103.474] CoTaskMemFree (pv=0x584730) [0103.474] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x2370708, cb=0x18 | out: lpmodinfo=0x2370708*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0103.475] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0103.476] CoTaskMemFree (pv=0x584730) [0103.476] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.476] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0103.477] CoTaskMemFree (pv=0x584730) [0103.477] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x23728c0, cb=0x18 | out: lpmodinfo=0x23728c0*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0103.478] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.478] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0103.479] CoTaskMemFree (pv=0x584730) [0103.479] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0103.480] CoTaskMemFree (pv=0x584730) [0103.480] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2374a88, cb=0x18 | out: lpmodinfo=0x2374a88*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0103.480] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.480] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0103.481] CoTaskMemFree (pv=0x584730) [0103.481] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.481] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0103.482] CoTaskMemFree (pv=0x584730) [0103.482] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x2376c30, cb=0x18 | out: lpmodinfo=0x2376c30*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0103.483] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.483] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0103.484] CoTaskMemFree (pv=0x584730) [0103.484] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.484] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0103.485] CoTaskMemFree (pv=0x584730) [0103.485] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x2378de8, cb=0x18 | out: lpmodinfo=0x2378de8*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0103.486] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.486] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0103.487] CoTaskMemFree (pv=0x584730) [0103.487] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.487] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0103.488] CoTaskMemFree (pv=0x584730) [0103.488] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x237af90, cb=0x18 | out: lpmodinfo=0x237af90*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0103.489] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.489] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0103.489] CoTaskMemFree (pv=0x584730) [0103.489] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.489] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0103.490] CoTaskMemFree (pv=0x584730) [0103.490] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x237d138, cb=0x18 | out: lpmodinfo=0x237d138*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0103.491] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.491] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0103.492] CoTaskMemFree (pv=0x584730) [0103.492] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.492] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0103.493] CoTaskMemFree (pv=0x584730) [0103.493] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x237f2e0, cb=0x18 | out: lpmodinfo=0x237f2e0*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0103.494] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.494] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0103.495] CoTaskMemFree (pv=0x584730) [0103.495] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.495] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0103.496] CoTaskMemFree (pv=0x584730) [0103.496] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2381498, cb=0x18 | out: lpmodinfo=0x2381498*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0103.497] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.497] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0103.497] CoTaskMemFree (pv=0x584730) [0103.497] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.497] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0103.498] CoTaskMemFree (pv=0x584730) [0103.498] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x2383650, cb=0x18 | out: lpmodinfo=0x2383650*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0103.499] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.499] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0103.501] CoTaskMemFree (pv=0x584730) [0103.501] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.501] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0103.502] CoTaskMemFree (pv=0x584730) [0103.502] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x23857f8, cb=0x18 | out: lpmodinfo=0x23857f8*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0103.503] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.503] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0103.504] CoTaskMemFree (pv=0x584730) [0103.504] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.504] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0103.505] CoTaskMemFree (pv=0x584730) [0103.505] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x23879a0, cb=0x18 | out: lpmodinfo=0x23879a0*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0103.506] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.506] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0103.507] CoTaskMemFree (pv=0x584730) [0103.507] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.507] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0103.508] CoTaskMemFree (pv=0x584730) [0103.508] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x2389b48, cb=0x18 | out: lpmodinfo=0x2389b48*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0103.509] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.509] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0103.510] CoTaskMemFree (pv=0x584730) [0103.510] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.510] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0103.511] CoTaskMemFree (pv=0x584730) [0103.511] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x238bd00, cb=0x18 | out: lpmodinfo=0x238bd00*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0103.513] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.513] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0103.514] CoTaskMemFree (pv=0x584730) [0103.514] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0103.515] CoTaskMemFree (pv=0x584730) [0103.515] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x238dea8, cb=0x18 | out: lpmodinfo=0x238dea8*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0103.516] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0103.548] CoTaskMemFree (pv=0x584730) [0103.548] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.548] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0103.549] CoTaskMemFree (pv=0x584730) [0103.549] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2390050, cb=0x18 | out: lpmodinfo=0x2390050*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0103.550] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.551] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0103.552] CoTaskMemFree (pv=0x584730) [0103.552] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.552] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0103.553] CoTaskMemFree (pv=0x584730) [0103.553] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x2392218, cb=0x18 | out: lpmodinfo=0x2392218*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0103.554] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.554] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0103.555] CoTaskMemFree (pv=0x584730) [0103.555] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.555] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0103.557] CoTaskMemFree (pv=0x584730) [0103.557] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x23943c0, cb=0x18 | out: lpmodinfo=0x23943c0*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0103.558] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.558] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0103.559] CoTaskMemFree (pv=0x584730) [0103.559] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.559] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0103.560] CoTaskMemFree (pv=0x584730) [0103.560] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x2396568, cb=0x18 | out: lpmodinfo=0x2396568*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0103.562] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.562] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0103.564] CoTaskMemFree (pv=0x584730) [0103.564] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.564] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0103.565] CoTaskMemFree (pv=0x584730) [0103.566] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x2398720, cb=0x18 | out: lpmodinfo=0x2398720*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0103.566] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.567] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0103.567] CoTaskMemFree (pv=0x584730) [0103.567] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.568] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0103.568] CoTaskMemFree (pv=0x584730) [0103.568] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x239a990, cb=0x18 | out: lpmodinfo=0x239a990*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0103.569] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.569] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0103.570] CoTaskMemFree (pv=0x584730) [0103.570] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.570] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0103.571] CoTaskMemFree (pv=0x584730) [0103.572] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x239cc20, cb=0x18 | out: lpmodinfo=0x239cc20*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0103.572] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.572] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0103.574] CoTaskMemFree (pv=0x584730) [0103.574] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.574] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0103.576] CoTaskMemFree (pv=0x584730) [0103.576] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x239edc8, cb=0x18 | out: lpmodinfo=0x239edc8*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0103.577] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.577] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0103.578] CoTaskMemFree (pv=0x584730) [0103.578] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.578] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0103.580] CoTaskMemFree (pv=0x584730) [0103.580] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x23a1038, cb=0x18 | out: lpmodinfo=0x23a1038*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0103.581] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.581] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0103.583] CoTaskMemFree (pv=0x584730) [0103.583] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.583] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0103.585] CoTaskMemFree (pv=0x584730) [0103.585] CloseHandle (hObject=0x260) returned 1 [0103.608] GetCurrentProcessId () returned 0x13e0 [0103.608] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0103.608] EnumProcessModules (in: hProcess=0x260, lphModule=0x22f97b0, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x22f97b0, lpcbNeeded=0x14dab8) returned 1 [0103.609] EnumProcessModules (in: hProcess=0x260, lphModule=0x22f99c8, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x22f99c8, lpcbNeeded=0x14dab8) returned 1 [0103.610] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x22f9e38, cb=0x18 | out: lpmodinfo=0x22f9e38*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0103.610] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.610] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0103.610] CoTaskMemFree (pv=0x584730) [0103.610] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.610] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0103.611] CoTaskMemFree (pv=0x584730) [0103.611] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x22fc118, cb=0x18 | out: lpmodinfo=0x22fc118*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0103.611] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.611] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0103.611] CoTaskMemFree (pv=0x584730) [0103.611] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0103.611] CoTaskMemFree (pv=0x584730) [0103.611] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x22fe2c0, cb=0x18 | out: lpmodinfo=0x22fe2c0*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0103.611] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.611] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0103.612] CoTaskMemFree (pv=0x584730) [0103.612] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.612] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0103.612] CoTaskMemFree (pv=0x584730) [0103.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x2300468, cb=0x18 | out: lpmodinfo=0x2300468*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0103.612] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.612] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0103.612] CoTaskMemFree (pv=0x584730) [0103.612] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.612] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0103.613] CoTaskMemFree (pv=0x584730) [0103.613] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x2302620, cb=0x18 | out: lpmodinfo=0x2302620*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0103.613] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.613] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0103.613] CoTaskMemFree (pv=0x584730) [0103.613] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0103.614] CoTaskMemFree (pv=0x584730) [0103.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x2304830, cb=0x18 | out: lpmodinfo=0x2304830*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0103.614] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.614] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0103.614] CoTaskMemFree (pv=0x584730) [0103.614] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.614] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0103.615] CoTaskMemFree (pv=0x584730) [0103.615] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x23069d8, cb=0x18 | out: lpmodinfo=0x23069d8*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0103.615] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.615] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0103.615] CoTaskMemFree (pv=0x584730) [0103.615] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.615] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0103.616] CoTaskMemFree (pv=0x584730) [0103.616] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x2308b90, cb=0x18 | out: lpmodinfo=0x2308b90*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0103.616] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.616] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0103.616] CoTaskMemFree (pv=0x584730) [0103.616] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.616] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0103.617] CoTaskMemFree (pv=0x584730) [0103.617] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x230ad38, cb=0x18 | out: lpmodinfo=0x230ad38*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0103.617] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.617] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0103.617] CoTaskMemFree (pv=0x584730) [0103.617] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.617] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0103.618] CoTaskMemFree (pv=0x584730) [0103.618] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x230cf78, cb=0x18 | out: lpmodinfo=0x230cf78*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0103.618] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.618] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0103.619] CoTaskMemFree (pv=0x584730) [0103.619] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.619] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0103.619] CoTaskMemFree (pv=0x584730) [0103.619] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x230f120, cb=0x18 | out: lpmodinfo=0x230f120*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0103.619] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.619] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0103.620] CoTaskMemFree (pv=0x584730) [0103.620] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.620] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0103.620] CoTaskMemFree (pv=0x584730) [0103.620] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x2311310, cb=0x18 | out: lpmodinfo=0x2311310*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0103.620] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.620] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0103.621] CoTaskMemFree (pv=0x584730) [0103.621] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0103.621] CoTaskMemFree (pv=0x584730) [0103.621] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x23134b8, cb=0x18 | out: lpmodinfo=0x23134b8*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0103.622] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.622] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0103.635] CoTaskMemFree (pv=0x584730) [0103.635] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.635] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0103.635] CoTaskMemFree (pv=0x584730) [0103.635] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x2315660, cb=0x18 | out: lpmodinfo=0x2315660*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0103.636] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.636] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0103.636] CoTaskMemFree (pv=0x584730) [0103.636] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.636] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0103.637] CoTaskMemFree (pv=0x584730) [0103.637] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x2317838, cb=0x18 | out: lpmodinfo=0x2317838*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0103.637] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.637] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0103.638] CoTaskMemFree (pv=0x584730) [0103.638] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.638] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0103.638] CoTaskMemFree (pv=0x584730) [0103.638] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x23199e0, cb=0x18 | out: lpmodinfo=0x23199e0*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0103.639] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.639] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0103.639] CoTaskMemFree (pv=0x584730) [0103.639] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0103.640] CoTaskMemFree (pv=0x584730) [0103.640] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x231bb88, cb=0x18 | out: lpmodinfo=0x231bb88*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0103.640] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.640] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0103.641] CoTaskMemFree (pv=0x584730) [0103.641] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.641] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0103.641] CoTaskMemFree (pv=0x584730) [0103.641] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x231de48, cb=0x18 | out: lpmodinfo=0x231de48*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0103.641] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.641] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0103.642] CoTaskMemFree (pv=0x584730) [0103.642] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.642] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0103.642] CoTaskMemFree (pv=0x584730) [0103.642] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x2320010, cb=0x18 | out: lpmodinfo=0x2320010*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0103.643] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.643] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0103.643] CoTaskMemFree (pv=0x584730) [0103.643] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.643] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0103.644] CoTaskMemFree (pv=0x584730) [0103.644] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x23221b8, cb=0x18 | out: lpmodinfo=0x23221b8*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0103.644] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.644] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0103.645] CoTaskMemFree (pv=0x584730) [0103.645] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.645] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0103.645] CoTaskMemFree (pv=0x584730) [0103.645] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x2324388, cb=0x18 | out: lpmodinfo=0x2324388*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0103.646] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.646] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0103.646] CoTaskMemFree (pv=0x584730) [0103.646] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.646] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0103.647] CoTaskMemFree (pv=0x584730) [0103.647] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x2326560, cb=0x18 | out: lpmodinfo=0x2326560*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0103.647] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.647] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0103.648] CoTaskMemFree (pv=0x584730) [0103.648] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.648] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0103.649] CoTaskMemFree (pv=0x584730) [0103.650] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x23287a8, cb=0x18 | out: lpmodinfo=0x23287a8*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0103.650] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.650] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0103.651] CoTaskMemFree (pv=0x584730) [0103.651] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.651] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0103.651] CoTaskMemFree (pv=0x584730) [0103.651] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x232a950, cb=0x18 | out: lpmodinfo=0x232a950*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0103.652] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.652] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0103.652] CoTaskMemFree (pv=0x584730) [0103.652] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.652] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0103.653] CoTaskMemFree (pv=0x584730) [0103.653] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x232cb30, cb=0x18 | out: lpmodinfo=0x232cb30*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0103.653] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.654] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0103.654] CoTaskMemFree (pv=0x584730) [0103.654] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.654] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0103.655] CoTaskMemFree (pv=0x584730) [0103.655] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x232ece8, cb=0x18 | out: lpmodinfo=0x232ece8*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0103.655] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.655] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0103.656] CoTaskMemFree (pv=0x584730) [0103.656] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.656] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0103.657] CoTaskMemFree (pv=0x584730) [0103.657] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x2330f28, cb=0x18 | out: lpmodinfo=0x2330f28*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0103.657] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.657] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0103.658] CoTaskMemFree (pv=0x584730) [0103.658] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.658] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0103.659] CoTaskMemFree (pv=0x584730) [0103.659] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x2333180, cb=0x18 | out: lpmodinfo=0x2333180*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0103.659] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.659] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0103.660] CoTaskMemFree (pv=0x584730) [0103.660] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.660] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0103.661] CoTaskMemFree (pv=0x584730) [0103.661] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x2335410, cb=0x18 | out: lpmodinfo=0x2335410*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0103.661] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.661] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0103.662] CoTaskMemFree (pv=0x584730) [0103.662] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.662] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0103.663] CoTaskMemFree (pv=0x584730) [0103.663] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x2337668, cb=0x18 | out: lpmodinfo=0x2337668*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0103.663] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.663] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0103.666] CoTaskMemFree (pv=0x584730) [0103.666] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.666] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0103.667] CoTaskMemFree (pv=0x584730) [0103.667] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x2339820, cb=0x18 | out: lpmodinfo=0x2339820*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0103.667] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.697] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0103.698] CoTaskMemFree (pv=0x584730) [0103.698] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.698] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0103.699] CoTaskMemFree (pv=0x584730) [0103.699] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x233b9c8, cb=0x18 | out: lpmodinfo=0x233b9c8*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0103.700] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.700] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0103.700] CoTaskMemFree (pv=0x584730) [0103.700] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.700] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0103.701] CoTaskMemFree (pv=0x584730) [0103.701] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x233db70, cb=0x18 | out: lpmodinfo=0x233db70*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0103.702] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.702] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0103.702] CoTaskMemFree (pv=0x584730) [0103.702] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.702] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0103.703] CoTaskMemFree (pv=0x584730) [0103.703] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x233ff30, cb=0x18 | out: lpmodinfo=0x233ff30*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0103.703] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.703] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0103.704] CoTaskMemFree (pv=0x584730) [0103.704] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.704] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0103.705] CoTaskMemFree (pv=0x584730) [0103.705] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x23420d8, cb=0x18 | out: lpmodinfo=0x23420d8*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0103.705] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.705] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0103.706] CoTaskMemFree (pv=0x584730) [0103.706] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.706] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0103.706] CoTaskMemFree (pv=0x584730) [0103.707] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x2344280, cb=0x18 | out: lpmodinfo=0x2344280*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0103.707] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.707] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0103.708] CoTaskMemFree (pv=0x584730) [0103.708] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.708] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0103.709] CoTaskMemFree (pv=0x584730) [0103.709] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x2346468, cb=0x18 | out: lpmodinfo=0x2346468*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0103.709] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.710] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0103.711] CoTaskMemFree (pv=0x584730) [0103.711] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.711] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0103.711] CoTaskMemFree (pv=0x584730) [0103.711] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x2348620, cb=0x18 | out: lpmodinfo=0x2348620*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0103.712] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.712] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0103.713] CoTaskMemFree (pv=0x584730) [0103.713] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.713] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0103.714] CoTaskMemFree (pv=0x584730) [0103.714] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x234a7b8, cb=0x18 | out: lpmodinfo=0x234a7b8*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0103.715] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.715] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0103.716] CoTaskMemFree (pv=0x584730) [0103.716] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.716] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0103.716] CoTaskMemFree (pv=0x584730) [0103.717] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x234c970, cb=0x18 | out: lpmodinfo=0x234c970*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0103.717] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.717] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0103.718] CoTaskMemFree (pv=0x584730) [0103.718] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.718] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0103.719] CoTaskMemFree (pv=0x584730) [0103.719] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x234eb28, cb=0x18 | out: lpmodinfo=0x234eb28*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0103.724] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.724] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0103.725] CoTaskMemFree (pv=0x584730) [0103.725] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.726] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0103.726] CoTaskMemFree (pv=0x584730) [0103.727] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x2350cd0, cb=0x18 | out: lpmodinfo=0x2350cd0*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0103.727] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.727] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0103.728] CoTaskMemFree (pv=0x584730) [0103.728] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.729] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0103.729] CoTaskMemFree (pv=0x584730) [0103.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x2352e88, cb=0x18 | out: lpmodinfo=0x2352e88*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0103.730] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.730] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0103.731] CoTaskMemFree (pv=0x584730) [0103.731] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.731] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0103.732] CoTaskMemFree (pv=0x584730) [0103.732] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2355050, cb=0x18 | out: lpmodinfo=0x2355050*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0103.733] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.733] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0103.734] CoTaskMemFree (pv=0x584730) [0103.734] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.734] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0103.735] CoTaskMemFree (pv=0x584730) [0103.735] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x23571f8, cb=0x18 | out: lpmodinfo=0x23571f8*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0103.736] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.736] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0103.737] CoTaskMemFree (pv=0x584730) [0103.737] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.737] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0103.738] CoTaskMemFree (pv=0x584730) [0103.738] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x23593b0, cb=0x18 | out: lpmodinfo=0x23593b0*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0103.739] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.739] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0103.740] CoTaskMemFree (pv=0x584730) [0103.740] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.740] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0103.741] CoTaskMemFree (pv=0x584730) [0103.741] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x235b558, cb=0x18 | out: lpmodinfo=0x235b558*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0103.742] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.742] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0103.743] CoTaskMemFree (pv=0x584730) [0103.743] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.743] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0103.744] CoTaskMemFree (pv=0x584730) [0103.744] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x235d700, cb=0x18 | out: lpmodinfo=0x235d700*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0103.745] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0103.746] CoTaskMemFree (pv=0x584730) [0103.746] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.746] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0103.747] CoTaskMemFree (pv=0x584730) [0103.747] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x235f8a8, cb=0x18 | out: lpmodinfo=0x235f8a8*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0103.748] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.748] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0103.749] CoTaskMemFree (pv=0x584730) [0103.749] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.749] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0103.750] CoTaskMemFree (pv=0x584730) [0103.750] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2361a60, cb=0x18 | out: lpmodinfo=0x2361a60*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0103.751] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.751] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0103.752] CoTaskMemFree (pv=0x584730) [0103.752] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.752] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0103.753] CoTaskMemFree (pv=0x584730) [0103.753] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x2363c18, cb=0x18 | out: lpmodinfo=0x2363c18*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0103.754] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.754] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0103.755] CoTaskMemFree (pv=0x584730) [0103.755] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.755] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0103.757] CoTaskMemFree (pv=0x584730) [0103.757] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x2365dc0, cb=0x18 | out: lpmodinfo=0x2365dc0*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0103.758] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.758] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0103.759] CoTaskMemFree (pv=0x584730) [0103.759] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.759] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0103.760] CoTaskMemFree (pv=0x584730) [0103.760] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x2367f68, cb=0x18 | out: lpmodinfo=0x2367f68*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0103.761] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.761] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0103.762] CoTaskMemFree (pv=0x584730) [0103.762] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.762] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0103.763] CoTaskMemFree (pv=0x584730) [0103.763] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x236a110, cb=0x18 | out: lpmodinfo=0x236a110*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0103.764] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.764] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0103.765] CoTaskMemFree (pv=0x584730) [0103.765] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.765] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0103.767] CoTaskMemFree (pv=0x584730) [0103.767] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x236c2c8, cb=0x18 | out: lpmodinfo=0x236c2c8*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0103.768] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.768] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0103.770] CoTaskMemFree (pv=0x584730) [0103.770] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0103.771] CoTaskMemFree (pv=0x584730) [0103.771] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x236e470, cb=0x18 | out: lpmodinfo=0x236e470*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0103.772] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.772] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0103.773] CoTaskMemFree (pv=0x584730) [0103.773] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.773] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0103.774] CoTaskMemFree (pv=0x584730) [0103.774] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2370618, cb=0x18 | out: lpmodinfo=0x2370618*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0103.776] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.776] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0103.777] CoTaskMemFree (pv=0x584730) [0103.777] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0103.778] CoTaskMemFree (pv=0x584730) [0103.778] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x23727e0, cb=0x18 | out: lpmodinfo=0x23727e0*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0103.779] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.779] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0103.780] CoTaskMemFree (pv=0x584730) [0103.780] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.781] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0103.782] CoTaskMemFree (pv=0x584730) [0103.782] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x2374988, cb=0x18 | out: lpmodinfo=0x2374988*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0103.783] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.783] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0103.784] CoTaskMemFree (pv=0x584730) [0103.784] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.784] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0103.785] CoTaskMemFree (pv=0x584730) [0103.785] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x2376b30, cb=0x18 | out: lpmodinfo=0x2376b30*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0103.786] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0103.786] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0103.787] CoTaskMemFree (pv=0x584730) [0103.788] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0103.789] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x2378ce8, cb=0x18 | out: lpmodinfo=0x2378ce8*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0103.790] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0103.791] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0103.792] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x237af58, cb=0x18 | out: lpmodinfo=0x237af58*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0103.793] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0103.795] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0103.796] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x237d1e8, cb=0x18 | out: lpmodinfo=0x237d1e8*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0103.797] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0103.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0103.800] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x237f390, cb=0x18 | out: lpmodinfo=0x237f390*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0103.801] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0103.802] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0103.804] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x2381600, cb=0x18 | out: lpmodinfo=0x2381600*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0103.805] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0103.806] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0103.838] CloseHandle (hObject=0x260) returned 1 [0103.903] GetCurrentProcessId () returned 0x13e0 [0103.903] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0103.903] EnumProcessModules (in: hProcess=0x260, lphModule=0x220bd88, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x220bd88, lpcbNeeded=0x14dab8) returned 1 [0103.905] EnumProcessModules (in: hProcess=0x260, lphModule=0x220bfa0, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x220bfa0, lpcbNeeded=0x14dab8) returned 1 [0103.906] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x220c410, cb=0x18 | out: lpmodinfo=0x220c410*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0103.906] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0103.906] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0103.906] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x220e6f0, cb=0x18 | out: lpmodinfo=0x220e6f0*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0103.907] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0103.907] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0103.907] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x2210898, cb=0x18 | out: lpmodinfo=0x2210898*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0103.907] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0103.907] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0103.908] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x2212a40, cb=0x18 | out: lpmodinfo=0x2212a40*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0103.908] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0103.908] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0103.909] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x2214bf8, cb=0x18 | out: lpmodinfo=0x2214bf8*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0103.909] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0103.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0103.909] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x2216e08, cb=0x18 | out: lpmodinfo=0x2216e08*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0103.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0103.910] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0103.910] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x2218fb0, cb=0x18 | out: lpmodinfo=0x2218fb0*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0103.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0103.911] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0103.911] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x221b168, cb=0x18 | out: lpmodinfo=0x221b168*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0103.912] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0103.912] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0103.912] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x221d310, cb=0x18 | out: lpmodinfo=0x221d310*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0103.913] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0103.913] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0103.913] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x221f550, cb=0x18 | out: lpmodinfo=0x221f550*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0103.914] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0103.914] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0103.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x22216f8, cb=0x18 | out: lpmodinfo=0x22216f8*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0103.915] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0103.915] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0103.916] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x22238e8, cb=0x18 | out: lpmodinfo=0x22238e8*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0103.916] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0103.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0103.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x2225a90, cb=0x18 | out: lpmodinfo=0x2225a90*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0103.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0103.917] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0103.918] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x2227c38, cb=0x18 | out: lpmodinfo=0x2227c38*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0103.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0103.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0103.919] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x2229e10, cb=0x18 | out: lpmodinfo=0x2229e10*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0103.919] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0103.920] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0103.920] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x222bfb8, cb=0x18 | out: lpmodinfo=0x222bfb8*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0103.921] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0103.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0103.922] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x222e160, cb=0x18 | out: lpmodinfo=0x222e160*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0103.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0103.923] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0103.923] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x2230420, cb=0x18 | out: lpmodinfo=0x2230420*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0103.924] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0103.924] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0103.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x22325e8, cb=0x18 | out: lpmodinfo=0x22325e8*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0103.925] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0103.926] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0103.926] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x2234790, cb=0x18 | out: lpmodinfo=0x2234790*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0103.927] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0103.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0103.928] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x2236960, cb=0x18 | out: lpmodinfo=0x2236960*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0103.928] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0103.929] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0103.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x2238b38, cb=0x18 | out: lpmodinfo=0x2238b38*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0103.930] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0103.930] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0103.931] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x223ad80, cb=0x18 | out: lpmodinfo=0x223ad80*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0103.931] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0103.932] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0103.933] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x223cf28, cb=0x18 | out: lpmodinfo=0x223cf28*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0103.933] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0103.934] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0103.935] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x223f108, cb=0x18 | out: lpmodinfo=0x223f108*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0103.935] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0103.936] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0103.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x22412c0, cb=0x18 | out: lpmodinfo=0x22412c0*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0103.937] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0103.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0103.938] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x2243500, cb=0x18 | out: lpmodinfo=0x2243500*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0103.939] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0103.940] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0103.940] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x2245758, cb=0x18 | out: lpmodinfo=0x2245758*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0103.941] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0103.942] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0103.943] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x22479e8, cb=0x18 | out: lpmodinfo=0x22479e8*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0103.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0103.944] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0103.945] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x2249c40, cb=0x18 | out: lpmodinfo=0x2249c40*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0103.945] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0103.946] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0103.947] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x224bdf8, cb=0x18 | out: lpmodinfo=0x224bdf8*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0103.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0103.948] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0103.949] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x224dfa0, cb=0x18 | out: lpmodinfo=0x224dfa0*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0103.950] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0103.950] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0103.951] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x2250148, cb=0x18 | out: lpmodinfo=0x2250148*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0103.952] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0103.953] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0103.953] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x2252508, cb=0x18 | out: lpmodinfo=0x2252508*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0103.954] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0103.955] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0103.956] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x22546b0, cb=0x18 | out: lpmodinfo=0x22546b0*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0103.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0103.957] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0103.958] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x2256858, cb=0x18 | out: lpmodinfo=0x2256858*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0103.959] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0103.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0103.960] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x2258a40, cb=0x18 | out: lpmodinfo=0x2258a40*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0103.961] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0103.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0103.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x225abf8, cb=0x18 | out: lpmodinfo=0x225abf8*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0103.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0103.965] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0103.965] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x225cd90, cb=0x18 | out: lpmodinfo=0x225cd90*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0103.966] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0103.967] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0103.968] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x225ef48, cb=0x18 | out: lpmodinfo=0x225ef48*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0103.969] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0103.970] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0103.971] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x2261100, cb=0x18 | out: lpmodinfo=0x2261100*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0103.972] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0103.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0103.973] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x22632a8, cb=0x18 | out: lpmodinfo=0x22632a8*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0103.974] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0103.975] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0103.976] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x2265460, cb=0x18 | out: lpmodinfo=0x2265460*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0103.977] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0103.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0103.979] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2267628, cb=0x18 | out: lpmodinfo=0x2267628*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0103.980] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0103.981] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0103.982] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x22697d0, cb=0x18 | out: lpmodinfo=0x22697d0*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0103.983] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0104.014] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0104.016] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x226b988, cb=0x18 | out: lpmodinfo=0x226b988*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0104.016] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0104.018] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0104.019] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x226db30, cb=0x18 | out: lpmodinfo=0x226db30*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0104.019] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0104.020] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0104.021] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x226fcd8, cb=0x18 | out: lpmodinfo=0x226fcd8*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0104.022] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0104.023] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0104.025] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x2271e80, cb=0x18 | out: lpmodinfo=0x2271e80*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0104.025] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0104.026] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0104.027] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x2274038, cb=0x18 | out: lpmodinfo=0x2274038*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0104.028] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0104.029] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0104.031] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x22761f0, cb=0x18 | out: lpmodinfo=0x22761f0*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0104.032] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0104.033] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0104.034] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x2278398, cb=0x18 | out: lpmodinfo=0x2278398*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0104.035] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0104.036] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0104.037] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x227a540, cb=0x18 | out: lpmodinfo=0x227a540*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0104.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0104.039] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0104.040] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x227c6e8, cb=0x18 | out: lpmodinfo=0x227c6e8*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0104.041] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0104.042] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0104.044] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x227e8a0, cb=0x18 | out: lpmodinfo=0x227e8a0*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0104.045] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0104.046] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0104.047] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x2280a48, cb=0x18 | out: lpmodinfo=0x2280a48*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0104.048] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0104.049] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0104.050] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x2282bf0, cb=0x18 | out: lpmodinfo=0x2282bf0*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0104.051] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0104.053] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0104.054] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x2284db8, cb=0x18 | out: lpmodinfo=0x2284db8*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0104.055] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0104.056] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0104.057] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x2286f60, cb=0x18 | out: lpmodinfo=0x2286f60*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0104.059] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0104.060] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0104.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x2289108, cb=0x18 | out: lpmodinfo=0x2289108*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0104.062] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0104.064] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0104.065] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x228b2c0, cb=0x18 | out: lpmodinfo=0x228b2c0*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0104.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0104.067] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0104.068] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x228d530, cb=0x18 | out: lpmodinfo=0x228d530*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0104.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0104.071] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0104.072] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x228f7c0, cb=0x18 | out: lpmodinfo=0x228f7c0*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0104.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0104.075] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0104.076] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x2291968, cb=0x18 | out: lpmodinfo=0x2291968*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0104.077] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0104.078] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0104.080] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x2293bd8, cb=0x18 | out: lpmodinfo=0x2293bd8*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0104.081] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0104.082] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0104.083] CloseHandle (hObject=0x260) returned 1 [0104.111] GetCurrentProcessId () returned 0x13e0 [0104.111] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x13e0) returned 0x260 [0104.111] EnumProcessModules (in: hProcess=0x260, lphModule=0x23d1478, cb=0x200, lpcbNeeded=0x14dab8 | out: lphModule=0x23d1478, lpcbNeeded=0x14dab8) returned 1 [0104.113] EnumProcessModules (in: hProcess=0x260, lphModule=0x23d1690, cb=0x400, lpcbNeeded=0x14dab8 | out: lphModule=0x23d1690, lpcbNeeded=0x14dab8) returned 1 [0104.114] GetModuleInformation (in: hProcess=0x260, hModule=0x400000, lpmodinfo=0x23d1b00, cb=0x18 | out: lpmodinfo=0x23d1b00*(lpBaseOfDll=0x400000, SizeOfImage=0xa000, EntryPoint=0x0)) returned 1 [0104.114] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x400000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe") returned 0x44 [0104.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x400000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335.exe")) returned 0x62 [0104.115] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f810000, lpmodinfo=0x23d3de0, cb=0x18 | out: lpmodinfo=0x23d3de0*(lpBaseOfDll=0x7ffc5f810000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0104.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0104.115] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0104.116] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc45030000, lpmodinfo=0x23d5f88, cb=0x18 | out: lpmodinfo=0x23d5f88*(lpBaseOfDll=0x7ffc45030000, SizeOfImage=0x68000, EntryPoint=0x7ffc45034970)) returned 1 [0104.119] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.119] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc45030000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0104.119] CoTaskMemFree (pv=0x584730) [0104.119] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.119] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc45030000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0104.119] CoTaskMemFree (pv=0x584730) [0104.119] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpmodinfo=0x21dd200, cb=0x18 | out: lpmodinfo=0x21dd200*(lpBaseOfDll=0x7ffc5ecd0000, SizeOfImage=0xad000, EntryPoint=0x7ffc5ece81a0)) returned 1 [0104.120] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.120] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0104.120] CoTaskMemFree (pv=0x584730) [0104.120] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ecd0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0104.120] CoTaskMemFree (pv=0x584730) [0104.120] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpmodinfo=0x21df3b8, cb=0x18 | out: lpmodinfo=0x21df3b8*(lpBaseOfDll=0x7ffc5bfa0000, SizeOfImage=0x1e8000, EntryPoint=0x7ffc5bfcba70)) returned 1 [0104.120] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.120] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0104.151] CoTaskMemFree (pv=0x584730) [0104.151] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.152] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bfa0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0104.152] CoTaskMemFree (pv=0x584730) [0104.152] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpmodinfo=0x21e15c8, cb=0x18 | out: lpmodinfo=0x21e15c8*(lpBaseOfDll=0x7ffc5a2e0000, SizeOfImage=0x79000, EntryPoint=0x7ffc5a2ffb90)) returned 1 [0104.152] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.152] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0104.153] CoTaskMemFree (pv=0x584730) [0104.153] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.153] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a2e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0104.153] CoTaskMemFree (pv=0x584730) [0104.153] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpmodinfo=0x21e3770, cb=0x18 | out: lpmodinfo=0x21e3770*(lpBaseOfDll=0x7ffc5ec20000, SizeOfImage=0xa7000, EntryPoint=0x7ffc5ec358d0)) returned 1 [0104.153] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.153] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0104.154] CoTaskMemFree (pv=0x584730) [0104.154] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.154] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5ec20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0104.154] CoTaskMemFree (pv=0x584730) [0104.154] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e850000, lpmodinfo=0x21e5928, cb=0x18 | out: lpmodinfo=0x21e5928*(lpBaseOfDll=0x7ffc5e850000, SizeOfImage=0x9d000, EntryPoint=0x7ffc5e8578a0)) returned 1 [0104.154] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.154] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0104.155] CoTaskMemFree (pv=0x584730) [0104.155] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.155] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e850000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0104.155] CoTaskMemFree (pv=0x584730) [0104.155] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpmodinfo=0x21e7ad0, cb=0x18 | out: lpmodinfo=0x21e7ad0*(lpBaseOfDll=0x7ffc5e8f0000, SizeOfImage=0x5b000, EntryPoint=0x7ffc5e9038b0)) returned 1 [0104.155] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.155] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0104.156] CoTaskMemFree (pv=0x584730) [0104.156] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e8f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0104.156] CoTaskMemFree (pv=0x584730) [0104.156] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpmodinfo=0x21e9d10, cb=0x18 | out: lpmodinfo=0x21e9d10*(lpBaseOfDll=0x7ffc5e2b0000, SizeOfImage=0x11c000, EntryPoint=0x7ffc5e2f02b0)) returned 1 [0104.156] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.156] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0104.157] CoTaskMemFree (pv=0x584730) [0104.157] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.157] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e2b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0104.157] CoTaskMemFree (pv=0x584730) [0104.157] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpmodinfo=0x21ebeb8, cb=0x18 | out: lpmodinfo=0x21ebeb8*(lpBaseOfDll=0x7ffc44ec0000, SizeOfImage=0x98000, EntryPoint=0x7ffc44ec1000)) returned 1 [0104.157] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.158] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0104.158] CoTaskMemFree (pv=0x584730) [0104.158] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.158] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44ec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0104.158] CoTaskMemFree (pv=0x584730) [0104.158] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpmodinfo=0x21ee0a8, cb=0x18 | out: lpmodinfo=0x21ee0a8*(lpBaseOfDll=0x7ffc5e7b0000, SizeOfImage=0x52000, EntryPoint=0x7ffc5e7bf530)) returned 1 [0104.159] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.159] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0104.159] CoTaskMemFree (pv=0x584730) [0104.159] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.159] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e7b0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0104.160] CoTaskMemFree (pv=0x584730) [0104.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpmodinfo=0x21f0250, cb=0x18 | out: lpmodinfo=0x21f0250*(lpBaseOfDll=0x7ffc5f2c0000, SizeOfImage=0x27d000, EntryPoint=0x7ffc5f394970)) returned 1 [0104.160] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.160] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0104.160] CoTaskMemFree (pv=0x584730) [0104.160] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.160] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f2c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0104.161] CoTaskMemFree (pv=0x584730) [0104.161] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpmodinfo=0x21f23f8, cb=0x18 | out: lpmodinfo=0x21f23f8*(lpBaseOfDll=0x7ffc5cac0000, SizeOfImage=0x6a000, EntryPoint=0x7ffc5caf6d50)) returned 1 [0104.161] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.161] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0104.161] CoTaskMemFree (pv=0x584730) [0104.161] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cac0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0104.162] CoTaskMemFree (pv=0x584730) [0104.162] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5f540000, lpmodinfo=0x21f45d0, cb=0x18 | out: lpmodinfo=0x21f45d0*(lpBaseOfDll=0x7ffc5f540000, SizeOfImage=0x186000, EntryPoint=0x7ffc5f58ffc0)) returned 1 [0104.162] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.162] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0104.163] CoTaskMemFree (pv=0x584730) [0104.163] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.163] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5f540000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0104.163] CoTaskMemFree (pv=0x584730) [0104.163] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e960000, lpmodinfo=0x21f6778, cb=0x18 | out: lpmodinfo=0x21f6778*(lpBaseOfDll=0x7ffc5e960000, SizeOfImage=0x156000, EntryPoint=0x7ffc5e96a8d0)) returned 1 [0104.164] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0104.164] CoTaskMemFree (pv=0x584730) [0104.164] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.164] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0104.165] CoTaskMemFree (pv=0x584730) [0104.165] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e810000, lpmodinfo=0x21f8920, cb=0x18 | out: lpmodinfo=0x21f8920*(lpBaseOfDll=0x7ffc5e810000, SizeOfImage=0x3b000, EntryPoint=0x7ffc5e8112f0)) returned 1 [0104.165] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.165] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0104.166] CoTaskMemFree (pv=0x584730) [0104.166] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.166] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e810000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0104.166] CoTaskMemFree (pv=0x584730) [0104.166] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be50000, lpmodinfo=0x21fabe0, cb=0x18 | out: lpmodinfo=0x21fabe0*(lpBaseOfDll=0x7ffc5be50000, SizeOfImage=0xf000, EntryPoint=0x7ffc5be53210)) returned 1 [0104.167] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.167] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0104.167] CoTaskMemFree (pv=0x584730) [0104.167] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.167] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0104.168] CoTaskMemFree (pv=0x584730) [0104.168] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc51300000, lpmodinfo=0x21fcda8, cb=0x18 | out: lpmodinfo=0x21fcda8*(lpBaseOfDll=0x7ffc51300000, SizeOfImage=0xa000, EntryPoint=0x7ffc51301350)) returned 1 [0104.168] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.168] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc51300000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0104.169] CoTaskMemFree (pv=0x584730) [0104.169] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.169] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc51300000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0104.169] CoTaskMemFree (pv=0x584730) [0104.169] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40790000, lpmodinfo=0x21fef50, cb=0x18 | out: lpmodinfo=0x21fef50*(lpBaseOfDll=0x7ffc40790000, SizeOfImage=0x98e000, EntryPoint=0x7ffc408bd9f0)) returned 1 [0104.170] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.170] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40790000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0104.170] CoTaskMemFree (pv=0x584730) [0104.170] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.170] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40790000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0104.171] CoTaskMemFree (pv=0x584730) [0104.171] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc40690000, lpmodinfo=0x2201120, cb=0x18 | out: lpmodinfo=0x2201120*(lpBaseOfDll=0x7ffc40690000, SizeOfImage=0xf7000, EntryPoint=0x7ffc406b4d80)) returned 1 [0104.171] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.171] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc40690000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0104.172] CoTaskMemFree (pv=0x584730) [0104.172] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.172] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc40690000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0104.172] CoTaskMemFree (pv=0x584730) [0104.172] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpmodinfo=0x22032f8, cb=0x18 | out: lpmodinfo=0x22032f8*(lpBaseOfDll=0x7ffc3f1c0000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0104.173] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.173] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0104.174] CoTaskMemFree (pv=0x584730) [0104.174] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.174] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f1c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0104.174] CoTaskMemFree (pv=0x584730) [0104.174] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpmodinfo=0x2205540, cb=0x18 | out: lpmodinfo=0x2205540*(lpBaseOfDll=0x7ffc5e3e0000, SizeOfImage=0x143000, EntryPoint=0x7ffc5e408210)) returned 1 [0104.175] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.175] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0104.175] CoTaskMemFree (pv=0x584730) [0104.176] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.176] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e3e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0104.176] CoTaskMemFree (pv=0x584730) [0104.176] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpmodinfo=0x22076e8, cb=0x18 | out: lpmodinfo=0x22076e8*(lpBaseOfDll=0x7ffc3ef80000, SizeOfImage=0x105000, EntryPoint=0x7ffc3ef8107c)) returned 1 [0104.177] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.177] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0104.177] CoTaskMemFree (pv=0x584730) [0104.177] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.177] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3ef80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0104.178] CoTaskMemFree (pv=0x584730) [0104.178] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpmodinfo=0x22098c8, cb=0x18 | out: lpmodinfo=0x22098c8*(lpBaseOfDll=0x7ffc5e1e0000, SizeOfImage=0xc1000, EntryPoint=0x7ffc5e200da0)) returned 1 [0104.178] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.179] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0104.179] CoTaskMemFree (pv=0x584730) [0104.179] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.179] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e1e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0104.180] CoTaskMemFree (pv=0x584730) [0104.180] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3e360000, lpmodinfo=0x220ba80, cb=0x18 | out: lpmodinfo=0x220ba80*(lpBaseOfDll=0x7ffc3e360000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0104.180] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.180] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0104.181] CoTaskMemFree (pv=0x584730) [0104.181] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.181] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3e360000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0104.182] CoTaskMemFree (pv=0x584730) [0104.182] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpmodinfo=0x220dcc0, cb=0x18 | out: lpmodinfo=0x220dcc0*(lpBaseOfDll=0x7ffc3d9d0000, SizeOfImage=0x981000, EntryPoint=0x0)) returned 1 [0104.182] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.182] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0104.183] CoTaskMemFree (pv=0x584730) [0104.183] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.183] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d9d0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\5290f26e6772518e2dd9d9c55bcc9a10\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\5290f26e6772518e2dd9d9c55bcc9a10\\system.core.ni.dll")) returned 0x6e [0104.184] CoTaskMemFree (pv=0x584730) [0104.184] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpmodinfo=0x220ff18, cb=0x18 | out: lpmodinfo=0x220ff18*(lpBaseOfDll=0x7ffc3f0a0000, SizeOfImage=0x120000, EntryPoint=0x0)) returned 1 [0104.185] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.185] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0104.187] CoTaskMemFree (pv=0x584730) [0104.187] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.187] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3f0a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\7ad6bc6ee277d5eed690e8c1c9400ff7\\system.configuration.ni.dll")) returned 0x80 [0104.187] CoTaskMemFree (pv=0x584730) [0104.187] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3d130000, lpmodinfo=0x22121a8, cb=0x18 | out: lpmodinfo=0x22121a8*(lpBaseOfDll=0x7ffc3d130000, SizeOfImage=0x89a000, EntryPoint=0x0)) returned 1 [0104.188] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.188] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0104.189] CoTaskMemFree (pv=0x584730) [0104.189] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.189] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3d130000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c0ce652aa04bc1fee99308a0a2ac79f8\\system.xml.ni.dll")) returned 0x6c [0104.189] CoTaskMemFree (pv=0x584730) [0104.190] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc44f70000, lpmodinfo=0x2214400, cb=0x18 | out: lpmodinfo=0x2214400*(lpBaseOfDll=0x7ffc44f70000, SizeOfImage=0xba000, EntryPoint=0x7ffc44f75d90)) returned 1 [0104.190] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0104.191] CoTaskMemFree (pv=0x584730) [0104.191] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.191] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc44f70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0104.192] CoTaskMemFree (pv=0x584730) [0104.192] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc470f0000, lpmodinfo=0x22165b8, cb=0x18 | out: lpmodinfo=0x22165b8*(lpBaseOfDll=0x7ffc470f0000, SizeOfImage=0x28000, EntryPoint=0x7ffc470fc7c0)) returned 1 [0104.192] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.192] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0104.193] CoTaskMemFree (pv=0x584730) [0104.193] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.193] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc470f0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0104.194] CoTaskMemFree (pv=0x584730) [0104.194] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b40000, lpmodinfo=0x2218760, cb=0x18 | out: lpmodinfo=0x2218760*(lpBaseOfDll=0x7ffc54b40000, SizeOfImage=0x14000, EntryPoint=0x7ffc54b42d50)) returned 1 [0104.195] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.195] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0104.195] CoTaskMemFree (pv=0x584730) [0104.195] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.195] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0104.196] CoTaskMemFree (pv=0x584730) [0104.196] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e740000, lpmodinfo=0x221a908, cb=0x18 | out: lpmodinfo=0x221a908*(lpBaseOfDll=0x7ffc5e740000, SizeOfImage=0x6b000, EntryPoint=0x7ffc5e7590c0)) returned 1 [0104.197] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.197] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0104.198] CoTaskMemFree (pv=0x584730) [0104.198] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.198] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e740000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0104.198] CoTaskMemFree (pv=0x584730) [0104.198] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b700000, lpmodinfo=0x221ccc8, cb=0x18 | out: lpmodinfo=0x221ccc8*(lpBaseOfDll=0x7ffc5b700000, SizeOfImage=0x5c000, EntryPoint=0x7ffc5b716f70)) returned 1 [0104.199] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.199] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0104.215] CoTaskMemFree (pv=0x584730) [0104.215] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.215] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b700000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0104.216] CoTaskMemFree (pv=0x584730) [0104.216] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc57e70000, lpmodinfo=0x221ee70, cb=0x18 | out: lpmodinfo=0x221ee70*(lpBaseOfDll=0x7ffc57e70000, SizeOfImage=0xc8000, EntryPoint=0x7ffc57eb13f0)) returned 1 [0104.216] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.216] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0104.217] CoTaskMemFree (pv=0x584730) [0104.217] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.217] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc57e70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0104.218] CoTaskMemFree (pv=0x584730) [0104.218] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54160000, lpmodinfo=0x2221018, cb=0x18 | out: lpmodinfo=0x2221018*(lpBaseOfDll=0x7ffc54160000, SizeOfImage=0x15000, EntryPoint=0x7ffc54162dc0)) returned 1 [0104.219] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.219] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54160000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0104.221] CoTaskMemFree (pv=0x584730) [0104.221] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.221] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54160000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0104.222] CoTaskMemFree (pv=0x584730) [0104.222] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55820000, lpmodinfo=0x2223200, cb=0x18 | out: lpmodinfo=0x2223200*(lpBaseOfDll=0x7ffc55820000, SizeOfImage=0x38000, EntryPoint=0x7ffc55838cc0)) returned 1 [0104.223] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.223] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55820000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0104.223] CoTaskMemFree (pv=0x584730) [0104.224] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.224] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55820000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0104.224] CoTaskMemFree (pv=0x584730) [0104.225] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5e950000, lpmodinfo=0x22253b8, cb=0x18 | out: lpmodinfo=0x22253b8*(lpBaseOfDll=0x7ffc5e950000, SizeOfImage=0x8000, EntryPoint=0x7ffc5e951ea0)) returned 1 [0104.225] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.225] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0104.226] CoTaskMemFree (pv=0x584730) [0104.226] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.226] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5e950000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0104.227] CoTaskMemFree (pv=0x584730) [0104.227] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55190000, lpmodinfo=0x2227550, cb=0x18 | out: lpmodinfo=0x2227550*(lpBaseOfDll=0x7ffc55190000, SizeOfImage=0x16000, EntryPoint=0x7ffc551919f0)) returned 1 [0104.228] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.228] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0104.229] CoTaskMemFree (pv=0x584730) [0104.229] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.229] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0104.230] CoTaskMemFree (pv=0x584730) [0104.230] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54b20000, lpmodinfo=0x2229708, cb=0x18 | out: lpmodinfo=0x2229708*(lpBaseOfDll=0x7ffc54b20000, SizeOfImage=0x1a000, EntryPoint=0x7ffc54b22430)) returned 1 [0104.231] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.231] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0104.231] CoTaskMemFree (pv=0x584730) [0104.232] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.232] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54b20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0104.232] CoTaskMemFree (pv=0x584730) [0104.232] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpmodinfo=0x222b8c0, cb=0x18 | out: lpmodinfo=0x222b8c0*(lpBaseOfDll=0x7ffc5cc80000, SizeOfImage=0x155f000, EntryPoint=0x7ffc5cde11f0)) returned 1 [0104.233] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.233] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0104.234] CoTaskMemFree (pv=0x584730) [0104.234] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.235] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc80000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0104.235] CoTaskMemFree (pv=0x584730) [0104.235] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpmodinfo=0x222da68, cb=0x18 | out: lpmodinfo=0x222da68*(lpBaseOfDll=0x7ffc5bec0000, SizeOfImage=0x43000, EntryPoint=0x7ffc5bed4b50)) returned 1 [0104.237] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.237] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0104.237] CoTaskMemFree (pv=0x584730) [0104.237] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.237] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bec0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0104.238] CoTaskMemFree (pv=0x584730) [0104.238] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpmodinfo=0x222fc20, cb=0x18 | out: lpmodinfo=0x222fc20*(lpBaseOfDll=0x7ffc5c3c0000, SizeOfImage=0x644000, EntryPoint=0x7ffc5c5864b0)) returned 1 [0104.239] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.239] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0104.240] CoTaskMemFree (pv=0x584730) [0104.240] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.240] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c3c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0104.241] CoTaskMemFree (pv=0x584730) [0104.241] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpmodinfo=0x2231de8, cb=0x18 | out: lpmodinfo=0x2231de8*(lpBaseOfDll=0x7ffc5cb50000, SizeOfImage=0xb5000, EntryPoint=0x7ffc5cb922e0)) returned 1 [0104.242] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.242] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0104.243] CoTaskMemFree (pv=0x584730) [0104.243] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.243] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cb50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0104.244] CoTaskMemFree (pv=0x584730) [0104.244] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be70000, lpmodinfo=0x2233f90, cb=0x18 | out: lpmodinfo=0x2233f90*(lpBaseOfDll=0x7ffc5be70000, SizeOfImage=0x4b000, EntryPoint=0x7ffc5be735f0)) returned 1 [0104.245] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.245] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0104.247] CoTaskMemFree (pv=0x584730) [0104.247] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.247] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0104.248] CoTaskMemFree (pv=0x584730) [0104.248] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be30000, lpmodinfo=0x2236148, cb=0x18 | out: lpmodinfo=0x2236148*(lpBaseOfDll=0x7ffc5be30000, SizeOfImage=0x14000, EntryPoint=0x7ffc5be352e0)) returned 1 [0104.249] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.249] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0104.250] CoTaskMemFree (pv=0x584730) [0104.250] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.250] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be30000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0104.251] CoTaskMemFree (pv=0x584730) [0104.251] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpmodinfo=0x22382f0, cb=0x18 | out: lpmodinfo=0x22382f0*(lpBaseOfDll=0x7ffc5a8a0000, SizeOfImage=0xaa000, EntryPoint=0x7ffc5a8c7910)) returned 1 [0104.252] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.252] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0104.253] CoTaskMemFree (pv=0x584730) [0104.253] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.253] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5a8a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0104.254] CoTaskMemFree (pv=0x584730) [0104.254] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc55860000, lpmodinfo=0x223a498, cb=0x18 | out: lpmodinfo=0x223a498*(lpBaseOfDll=0x7ffc55860000, SizeOfImage=0xb000, EntryPoint=0x7ffc55861d30)) returned 1 [0104.255] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc55860000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0104.256] CoTaskMemFree (pv=0x584730) [0104.256] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.256] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc55860000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0104.257] CoTaskMemFree (pv=0x584730) [0104.258] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc538e0000, lpmodinfo=0x223c640, cb=0x18 | out: lpmodinfo=0x223c640*(lpBaseOfDll=0x7ffc538e0000, SizeOfImage=0xa000, EntryPoint=0x7ffc538e14c0)) returned 1 [0104.258] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.258] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0104.260] CoTaskMemFree (pv=0x584730) [0104.260] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.260] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc538e0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0104.261] CoTaskMemFree (pv=0x584730) [0104.261] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc54680000, lpmodinfo=0x223e7f8, cb=0x18 | out: lpmodinfo=0x223e7f8*(lpBaseOfDll=0x7ffc54680000, SizeOfImage=0x67000, EntryPoint=0x7ffc546863e0)) returned 1 [0104.262] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.262] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc54680000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0104.263] CoTaskMemFree (pv=0x584730) [0104.263] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc54680000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0104.264] CoTaskMemFree (pv=0x584730) [0104.264] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpmodinfo=0x22409b0, cb=0x18 | out: lpmodinfo=0x22409b0*(lpBaseOfDll=0x7ffc5bcc0000, SizeOfImage=0x29000, EntryPoint=0x7ffc5bcd4530)) returned 1 [0104.265] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.265] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0104.266] CoTaskMemFree (pv=0x584730) [0104.266] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.266] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bcc0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0104.267] CoTaskMemFree (pv=0x584730) [0104.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4f220000, lpmodinfo=0x2242b58, cb=0x18 | out: lpmodinfo=0x2242b58*(lpBaseOfDll=0x7ffc4f220000, SizeOfImage=0xc000, EntryPoint=0x7ffc4f2235c0)) returned 1 [0104.268] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.268] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0104.270] CoTaskMemFree (pv=0x584730) [0104.270] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.270] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4f220000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0104.271] CoTaskMemFree (pv=0x584730) [0104.271] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpmodinfo=0x2244d00, cb=0x18 | out: lpmodinfo=0x2244d00*(lpBaseOfDll=0x7ffc5bab0000, SizeOfImage=0x2d000, EntryPoint=0x7ffc5bac9d40)) returned 1 [0104.302] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.302] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0104.304] CoTaskMemFree (pv=0x584730) [0104.304] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.304] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5bab0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0104.305] CoTaskMemFree (pv=0x584730) [0104.305] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b380000, lpmodinfo=0x2246ea8, cb=0x18 | out: lpmodinfo=0x2246ea8*(lpBaseOfDll=0x7ffc5b380000, SizeOfImage=0x7a000, EntryPoint=0x7ffc5b3a1a50)) returned 1 [0104.306] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.306] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0104.307] CoTaskMemFree (pv=0x584730) [0104.307] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.307] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b380000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0104.309] CoTaskMemFree (pv=0x584730) [0104.309] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5c190000, lpmodinfo=0x2249060, cb=0x18 | out: lpmodinfo=0x2249060*(lpBaseOfDll=0x7ffc5c190000, SizeOfImage=0x1c7000, EntryPoint=0x7ffc5c1edb80)) returned 1 [0104.310] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.310] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0104.311] CoTaskMemFree (pv=0x584730) [0104.311] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.311] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5c190000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0104.312] CoTaskMemFree (pv=0x584730) [0104.312] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5be60000, lpmodinfo=0x224b208, cb=0x18 | out: lpmodinfo=0x224b208*(lpBaseOfDll=0x7ffc5be60000, SizeOfImage=0x10000, EntryPoint=0x7ffc5be656e0)) returned 1 [0104.313] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.314] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0104.315] CoTaskMemFree (pv=0x584730) [0104.315] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.315] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5be60000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0104.316] CoTaskMemFree (pv=0x584730) [0104.316] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpmodinfo=0x224d3b0, cb=0x18 | out: lpmodinfo=0x224d3b0*(lpBaseOfDll=0x7ffc4bd50000, SizeOfImage=0x14000, EntryPoint=0x7ffc4bd53710)) returned 1 [0104.318] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.318] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0104.319] CoTaskMemFree (pv=0x584730) [0104.319] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.319] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4bd50000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0104.320] CoTaskMemFree (pv=0x584730) [0104.320] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpmodinfo=0x224f578, cb=0x18 | out: lpmodinfo=0x224f578*(lpBaseOfDll=0x7ffc5b9a0000, SizeOfImage=0x27000, EntryPoint=0x7ffc5b9b0aa0)) returned 1 [0104.321] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.321] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0104.322] CoTaskMemFree (pv=0x584730) [0104.322] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.322] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b9a0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0104.324] CoTaskMemFree (pv=0x584730) [0104.324] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5b960000, lpmodinfo=0x2251720, cb=0x18 | out: lpmodinfo=0x2251720*(lpBaseOfDll=0x7ffc5b960000, SizeOfImage=0x3a000, EntryPoint=0x7ffc5b968d20)) returned 1 [0104.325] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.325] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0104.326] CoTaskMemFree (pv=0x584730) [0104.326] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.326] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5b960000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0104.328] CoTaskMemFree (pv=0x584730) [0104.328] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc4be00000, lpmodinfo=0x22538c8, cb=0x18 | out: lpmodinfo=0x22538c8*(lpBaseOfDll=0x7ffc4be00000, SizeOfImage=0x1e000, EntryPoint=0x7ffc4be0ef80)) returned 1 [0104.329] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.329] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0104.330] CoTaskMemFree (pv=0x584730) [0104.330] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.330] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc4be00000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0104.331] CoTaskMemFree (pv=0x584730) [0104.332] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpmodinfo=0x2255a80, cb=0x18 | out: lpmodinfo=0x2255a80*(lpBaseOfDll=0x7ffc3cf40000, SizeOfImage=0x1eb000, EntryPoint=0x0)) returned 1 [0104.333] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.333] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0104.334] CoTaskMemFree (pv=0x584730) [0104.334] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3cf40000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\07904e28a4042013cf2850aa829d512c\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\07904e28a4042013cf2850aa829d512c\\system.drawing.ni.dll")) returned 0x74 [0104.335] CoTaskMemFree (pv=0x584730) [0104.335] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3c050000, lpmodinfo=0x2257cf0, cb=0x18 | out: lpmodinfo=0x2257cf0*(lpBaseOfDll=0x7ffc3c050000, SizeOfImage=0xee3000, EntryPoint=0x0)) returned 1 [0104.337] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.337] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0104.338] CoTaskMemFree (pv=0x584730) [0104.338] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.338] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3c050000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b3ed3a5b3196c07e3a9165328654c5de\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b3ed3a5b3196c07e3a9165328654c5de\\system.windows.forms.ni.dll")) returned 0x80 [0104.339] CoTaskMemFree (pv=0x584730) [0104.340] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpmodinfo=0x2259f80, cb=0x18 | out: lpmodinfo=0x2259f80*(lpBaseOfDll=0x7ffc5cc70000, SizeOfImage=0x8000, EntryPoint=0x7ffc5cc710b0)) returned 1 [0104.341] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.341] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0104.342] CoTaskMemFree (pv=0x584730) [0104.342] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.342] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc5cc70000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0104.343] CoTaskMemFree (pv=0x584730) [0104.343] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc412c0000, lpmodinfo=0x225c128, cb=0x18 | out: lpmodinfo=0x225c128*(lpBaseOfDll=0x7ffc412c0000, SizeOfImage=0x78000, EntryPoint=0x0)) returned 1 [0104.345] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.345] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="System.Xml.Linq.ni.dll") returned 0x16 [0104.346] CoTaskMemFree (pv=0x584730) [0104.346] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.346] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc412c0000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml.Linq\\be062827a780971b99602f86ad7eea06\\System.Xml.Linq.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml.linq\\be062827a780971b99602f86ad7eea06\\system.xml.linq.ni.dll")) returned 0x76 [0104.348] CoTaskMemFree (pv=0x584730) [0104.348] GetModuleInformation (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpmodinfo=0x225e398, cb=0x18 | out: lpmodinfo=0x225e398*(lpBaseOfDll=0x7ffc3bb20000, SizeOfImage=0x224000, EntryPoint=0x0)) returned 1 [0104.349] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.349] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpBaseName=0x584730, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0104.350] CoTaskMemFree (pv=0x584730) [0104.350] CoTaskMemAlloc (cb=0x804) returned 0x584730 [0104.350] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ffc3bb20000, lpFilename=0x584730, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Microsoft.V9921e851#\\7884a60a278642bf6137c183790dfde3\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\microsoft.v9921e851#\\7884a60a278642bf6137c183790dfde3\\microsoft.visualbasic.ni.dll")) returned 0x81 [0104.352] CoTaskMemFree (pv=0x584730) [0104.352] CloseHandle (hObject=0x260) returned 1 [0104.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", cchWideChar=56, lpMultiByteStr=0x14dbe0, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exexT6\x02", lpUsedDefaultChar=0x0) returned 56 [0104.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe\"", cchWideChar=58, lpMultiByteStr=0x14db90, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe\"$áû\x7f", lpUsedDefaultChar=0x0) returned 58 [0104.389] CreateProcessA (in: lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x14dcf0*(cb=0x60, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14e528 | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe\"", lpProcessInformation=0x14e528*(hProcess=0x264, hThread=0x260, dwProcessId=0xaf4, dwThreadId=0x127c)) returned 1 [0104.640] CoTaskMemFree (pv=0x0) [0104.641] CoTaskMemAlloc (cb=0x19) returned 0x1b8b3e20 [0104.644] Wow64GetThreadContext (in: hThread=0x260, lpContext=0x2366218*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0)) | out: lpContext=0x2366218*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2ca000, Edx=0x0, Ecx=0x0, Eax=0x40ccb6, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0104.645] ReadProcessMemory (in: hProcess=0x264, lpBaseAddress=0x2ca008, lpBuffer=0x14e400, nSize=0x4, lpNumberOfBytesRead=0x14e518 | out: lpBuffer=0x14e400*, lpNumberOfBytesRead=0x14e518*=0x4) returned 1 [0104.645] CoTaskMemAlloc (cb=0x19) returned 0x1b8b4360 [0104.648] NtUnmapViewOfSection (ProcessHandle=0x264, BaseAddress=0x400000) returned 0x0 [0104.648] CoTaskMemAlloc (cb=0x25) returned 0x1b8b3b20 [0104.651] VirtualAllocEx (hProcess=0x264, lpAddress=0x400000, dwSize=0x26000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0104.652] WriteProcessMemory (in: hProcess=0x264, lpBaseAddress=0x400000, lpBuffer=0x120c1968*, nSize=0x200, lpNumberOfBytesWritten=0x14e518 | out: lpBuffer=0x120c1968*, lpNumberOfBytesWritten=0x14e518*=0x200) returned 1 [0104.674] WriteProcessMemory (in: hProcess=0x264, lpBaseAddress=0x402000, lpBuffer=0x120a1930*, nSize=0x1e600, lpNumberOfBytesWritten=0x14e518 | out: lpBuffer=0x120a1930*, lpNumberOfBytesWritten=0x14e518*=0x1e600) returned 1 [0104.683] WriteProcessMemory (in: hProcess=0x264, lpBaseAddress=0x422000, lpBuffer=0x2366c98*, nSize=0x1200, lpNumberOfBytesWritten=0x14e518 | out: lpBuffer=0x2366c98*, lpNumberOfBytesWritten=0x14e518*=0x1200) returned 1 [0104.689] WriteProcessMemory (in: hProcess=0x264, lpBaseAddress=0x424000, lpBuffer=0x2367eb0*, nSize=0x200, lpNumberOfBytesWritten=0x14e518 | out: lpBuffer=0x2367eb0*, lpNumberOfBytesWritten=0x14e518*=0x200) returned 1 [0104.702] WriteProcessMemory (in: hProcess=0x264, lpBaseAddress=0x2ca008, lpBuffer=0x23687c0*, nSize=0x4, lpNumberOfBytesWritten=0x14e518 | out: lpBuffer=0x23687c0*, lpNumberOfBytesWritten=0x14e518*=0x4) returned 1 [0104.704] CoTaskMemAlloc (cb=0x19) returned 0x1b8b3f70 [0104.707] Wow64SetThreadContext (hThread=0x260, lpContext=0x2366218*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x2ca000, Edx=0x0, Ecx=0x0, Eax=0x42059e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0104.708] CoTaskMemAlloc (cb=0x15) returned 0x1b8b7180 [0104.708] ResumeThread (hThread=0x260) returned 0x1 [0104.710] CoGetContextToken (in: pToken=0x14fc40 | out: pToken=0x14fc40) returned 0x0 [0104.710] CObjectContext::QueryInterface () returned 0x0 [0104.710] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.710] Release () returned 0x0 [0104.711] CoGetContextToken (in: pToken=0x14f750 | out: pToken=0x14f750) returned 0x0 [0104.711] CObjectContext::QueryInterface () returned 0x0 [0104.711] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.711] Release () returned 0x0 [0104.712] CoGetContextToken (in: pToken=0x14f750 | out: pToken=0x14f750) returned 0x0 [0104.712] CObjectContext::QueryInterface () returned 0x0 [0104.712] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.712] Release () returned 0x0 [0104.723] CoGetContextToken (in: pToken=0x14f750 | out: pToken=0x14f750) returned 0x0 [0104.723] CObjectContext::QueryInterface () returned 0x0 [0104.724] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.724] Release () returned 0x0 [0104.758] CoGetContextToken (in: pToken=0x14f760 | out: pToken=0x14f760) returned 0x0 [0104.758] CObjectContext::QueryInterface () returned 0x0 [0104.758] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.758] Release () returned 0x0 [0104.759] CoUninitialize () Thread: id = 6 os_tid = 0xb7c Thread: id = 7 os_tid = 0x6e4 Thread: id = 8 os_tid = 0xda4 [0079.646] CoGetContextToken (in: pToken=0x1a60fa80 | out: pToken=0x1a60fa80) returned 0x0 [0079.646] CObjectContext::QueryInterface () returned 0x0 [0079.646] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.647] Release () returned 0x0 [0079.647] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0079.647] RoInitialize () returned 0x1 [0079.647] RoUninitialize () returned 0x0 [0100.028] CloseHandle (hObject=0x25c) returned 1 [0100.028] CertFreeCertificateContext (pCertContext=0x573910) returned 1 [0100.029] CertFreeCertificateContext (pCertContext=0x528f80) returned 1 [0100.029] CloseHandle (hObject=0x3cc) returned 1 [0100.029] CloseHandle (hObject=0x3c8) returned 1 [0100.029] CertFreeCertificateContext (pCertContext=0x575710) returned 1 [0100.029] CloseHandle (hObject=0x3ac) returned 1 [0100.030] CloseHandle (hObject=0x3a0) returned 1 [0100.030] CertFreeCertificateContext (pCertContext=0x573c90) returned 1 [0100.031] CertFreeCertificateContext (pCertContext=0x528f80) returned 1 [0100.031] CloseHandle (hObject=0x29c) returned 1 [0100.031] CloseHandle (hObject=0x298) returned 1 [0100.031] CloseHandle (hObject=0x294) returned 1 [0100.031] CloseHandle (hObject=0x290) returned 1 [0100.032] CloseHandle (hObject=0x28c) returned 1 [0100.032] CloseHandle (hObject=0x288) returned 1 [0100.032] CloseHandle (hObject=0x4d0) returned 1 [0100.032] CloseHandle (hObject=0x284) returned 1 [0100.032] CloseHandle (hObject=0x278) returned 1 [0100.033] CloseHandle (hObject=0x274) returned 1 [0100.033] CloseHandle (hObject=0x270) returned 1 [0100.033] CloseHandle (hObject=0x26c) returned 1 [0100.033] CloseHandle (hObject=0x268) returned 1 [0100.033] CertCloseStore (hCertStore=0x552bd0, dwFlags=0x0) returned 1 [0100.034] CloseHandle (hObject=0x264) returned 1 [0100.034] CloseHandle (hObject=0x260) returned 1 [0104.712] EtwEventUnregister () returned 0x0 [0104.712] EtwEventUnregister () returned 0x0 [0104.738] WinHttpCloseHandle (hInternet=0x536e80) returned 1 [0104.740] FreeCredentialsHandle (phCredential=0x20ca7f0) returned 0x0 [0104.742] DeleteSecurityContext (phContext=0x20caa18) returned 0x0 [0104.744] CloseHandle (hObject=0x364) returned 1 [0104.744] CloseHandle (hObject=0x360) returned 1 [0104.744] RegCloseKey (hKey=0x35c) returned 0x0 [0104.744] CloseHandle (hObject=0x344) returned 1 [0104.745] RegCloseKey (hKey=0x340) returned 0x0 [0104.745] CloseHandle (hObject=0x33c) returned 1 [0104.746] RegCloseKey (hKey=0x338) returned 0x0 [0104.746] RegCloseKey (hKey=0x334) returned 0x0 [0104.746] CloseHandle (hObject=0x314) returned 1 [0104.747] setsockopt (s=0x308, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.747] closesocket (s=0x308) returned 0 [0104.748] CloseHandle (hObject=0x30c) returned 1 [0104.748] setsockopt (s=0x300, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.748] closesocket (s=0x300) returned 0 [0104.749] CloseHandle (hObject=0x304) returned 1 [0104.749] setsockopt (s=0x4bc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.750] closesocket (s=0x4bc) returned 0 [0104.750] CloseHandle (hObject=0x4c0) returned 1 [0104.750] setsockopt (s=0x490, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.750] closesocket (s=0x490) returned 0 [0104.751] CloseHandle (hObject=0x4b8) returned 1 [0104.751] setsockopt (s=0x488, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0104.752] closesocket (s=0x488) returned 0 [0104.754] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0104.755] CloseHandle (hObject=0x258) returned 1 [0104.755] UnmapViewOfFile (lpBaseAddress=0x440000) returned 1 Thread: id = 9 os_tid = 0x8e0 Thread: id = 10 os_tid = 0x8d4 Thread: id = 11 os_tid = 0xd98 [0087.058] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0087.058] RoInitialize () returned 0x1 [0087.058] RoUninitialize () returned 0x0 [0087.065] ResetEvent (hEvent=0x27c) returned 1 Thread: id = 12 os_tid = 0x9f4 Thread: id = 13 os_tid = 0x410 Thread: id = 14 os_tid = 0x6ec Process: id = "2" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x461d5000" os_pid = "0x13c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13e0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 273 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 274 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 275 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 276 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 277 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 278 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 279 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 280 start_va = 0x7ff747c50000 end_va = 0x7ff747c60fff monitored = 0 entry_point = 0x7ff747c516b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 281 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 282 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 283 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 284 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 285 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 286 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 287 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 288 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 289 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 290 start_va = 0x4c0000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 291 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 292 start_va = 0x7ffc41340000 end_va = 0x7ffc41398fff monitored = 0 entry_point = 0x7ffc4134fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 293 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 294 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 295 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 296 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 297 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 298 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 299 start_va = 0xa0000 end_va = 0xa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 300 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 301 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 302 start_va = 0x7ffc5e810000 end_va = 0x7ffc5e84afff monitored = 0 entry_point = 0x7ffc5e8112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 303 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 304 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 305 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 306 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 307 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 308 start_va = 0x520000 end_va = 0x6a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 309 start_va = 0x6b0000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 310 start_va = 0x840000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 311 start_va = 0x1c40000 end_va = 0x1d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 312 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 313 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 314 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 315 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 316 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 317 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 318 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 319 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 320 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 321 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 322 start_va = 0x7ffc5a7b0000 end_va = 0x7ffc5a845fff monitored = 0 entry_point = 0x7ffc5a7d5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 323 start_va = 0x1c40000 end_va = 0x1cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 324 start_va = 0x1d10000 end_va = 0x1d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 325 start_va = 0x1d20000 end_va = 0x2056fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 326 start_va = 0x2060000 end_va = 0x2273fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 327 start_va = 0x2280000 end_va = 0x2494fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 328 start_va = 0x24a0000 end_va = 0x25b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 329 start_va = 0x25c0000 end_va = 0x27d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 330 start_va = 0x27e0000 end_va = 0x28ecfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 331 start_va = 0x1c40000 end_va = 0x1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 332 start_va = 0x1cd0000 end_va = 0x1cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 333 start_va = 0x7ffc5eac0000 end_va = 0x7ffc5ec19fff monitored = 0 entry_point = 0x7ffc5eb038e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 334 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 335 start_va = 0x28f0000 end_va = 0x29abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028f0000" filename = "" Region: id = 336 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 337 start_va = 0x7ffc59dc0000 end_va = 0x7ffc59de1fff monitored = 0 entry_point = 0x7ffc59dc1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 338 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 339 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 340 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 341 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 342 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 343 start_va = 0x1c80000 end_va = 0x1c81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c80000" filename = "" Region: id = 344 start_va = 0x1c90000 end_va = 0x1c90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c90000" filename = "" Region: id = 345 start_va = 0x1ca0000 end_va = 0x1ca4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 346 start_va = 0x1cb0000 end_va = 0x1cb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 347 start_va = 0x1cc0000 end_va = 0x1cc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cc0000" filename = "" Region: id = 348 start_va = 0x29b0000 end_va = 0x2ba5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029b0000" filename = "" Region: id = 349 start_va = 0x7ffc52e60000 end_va = 0x7ffc530d3fff monitored = 0 entry_point = 0x7ffc52ed0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 350 start_va = 0x1ce0000 end_va = 0x1ce0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 351 start_va = 0x1cf0000 end_va = 0x1cf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cf0000" filename = "" Region: id = 352 start_va = 0x2bb0000 end_va = 0x2c8cfff monitored = 0 entry_point = 0x2c0e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 353 start_va = 0x1ce0000 end_va = 0x1ce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ce0000" filename = "" Region: id = 354 start_va = 0x2bb0000 end_va = 0x2caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 355 start_va = 0x2cb0000 end_va = 0x2eaefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002cb0000" filename = "" Thread: id = 2 os_tid = 0x13b4 Thread: id = 3 os_tid = 0x13c4 Thread: id = 4 os_tid = 0x13f8 Thread: id = 5 os_tid = 0x13f4 Process: id = "3" image_name = "regasm.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regasm.exe" page_root = "0x27119000" os_pid = "0xaf4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13e0" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1187 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1188 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1189 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1190 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1191 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1192 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1193 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1194 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1195 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1196 start_va = 0x400000 end_va = 0x411fff monitored = 0 entry_point = 0x40ccb6 region_type = mapped_file name = "regasm.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regasm.exe") Region: id = 1197 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1198 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1199 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1200 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1201 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1202 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 1203 start_va = 0x400000 end_va = 0x425fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1204 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1205 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1206 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1207 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1208 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1209 start_va = 0x430000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1210 start_va = 0x6c900000 end_va = 0x6c958fff monitored = 1 entry_point = 0x6c910780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1211 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1212 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1213 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1214 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1215 start_va = 0x430000 end_va = 0x4edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1216 start_va = 0x550000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1217 start_va = 0x650000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1218 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1219 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1220 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1221 start_va = 0x6c240000 end_va = 0x6c4b7fff monitored = 0 entry_point = 0x6c255e90 region_type = mapped_file name = "aclayers.dll" filename = "\\Windows\\AppPatch\\AcLayers.dll" (normalized: "c:\\windows\\apppatch\\aclayers.dll") Region: id = 1222 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1223 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1224 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1225 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1226 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1227 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1228 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1229 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1230 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1231 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1232 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1233 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1234 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1235 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1236 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1237 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1238 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1239 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1240 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1241 start_va = 0x74620000 end_va = 0x74a2afff monitored = 0 entry_point = 0x7464adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1242 start_va = 0x71570000 end_va = 0x71585fff monitored = 0 entry_point = 0x715721d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 1243 start_va = 0x66680000 end_va = 0x66682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\SysWOW64\\sfc.dll" (normalized: "c:\\windows\\syswow64\\sfc.dll") Region: id = 1244 start_va = 0x71500000 end_va = 0x71566fff monitored = 0 entry_point = 0x71515a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 1245 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1246 start_va = 0x723c0000 end_va = 0x723cefff monitored = 0 entry_point = 0x723c63e0 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll") Region: id = 1247 start_va = 0x650000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1248 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1249 start_va = 0x4f0000 end_va = 0x519fff monitored = 0 entry_point = 0x4f5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1250 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1251 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1252 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1253 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1254 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 1255 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 1256 start_va = 0x650000 end_va = 0x739fff monitored = 0 entry_point = 0x68d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1257 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1258 start_va = 0x73e60000 end_va = 0x73ed8fff monitored = 1 entry_point = 0x73e6f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1259 start_va = 0x73e50000 end_va = 0x73e57fff monitored = 0 entry_point = 0x73e517b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1260 start_va = 0x731b0000 end_va = 0x73860fff monitored = 1 entry_point = 0x731c5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1261 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1262 start_va = 0x1f60000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 1263 start_va = 0x73d50000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73da4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 1264 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1265 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1266 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1267 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 1268 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1269 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1270 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1271 start_va = 0x690000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1272 start_va = 0x6a0000 end_va = 0x6a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1273 start_va = 0x750000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1274 start_va = 0x6b0000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1275 start_va = 0x6b0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1276 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1277 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1278 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1279 start_va = 0x2160000 end_va = 0x415ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1280 start_va = 0x750000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1281 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1282 start_va = 0x6f0000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1283 start_va = 0x4160000 end_va = 0x425ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 1284 start_va = 0x4260000 end_va = 0x4596fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1285 start_va = 0x6b010000 end_va = 0x6c237fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 1286 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1287 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1288 start_va = 0x7f0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1289 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1290 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1291 start_va = 0x73ae0000 end_va = 0x73b5dfff monitored = 1 entry_point = 0x73ae1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1292 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1293 start_va = 0x72800000 end_va = 0x731abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 1298 start_va = 0x72670000 end_va = 0x727fcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 1299 start_va = 0x708a0000 end_va = 0x714f8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 1300 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1301 start_va = 0x45a0000 end_va = 0x463bfff monitored = 1 entry_point = 0x462e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1302 start_va = 0x4640000 end_va = 0x464ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004640000" filename = "" Region: id = 1303 start_va = 0x4650000 end_va = 0x46ebfff monitored = 1 entry_point = 0x46de9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1304 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 1305 start_va = 0x4650000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 1306 start_va = 0x4750000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 1307 start_va = 0x4750000 end_va = 0x4750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004750000" filename = "" Region: id = 1308 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1309 start_va = 0x4760000 end_va = 0x4760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1310 start_va = 0x4760000 end_va = 0x4768fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1311 start_va = 0x4760000 end_va = 0x4760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1312 start_va = 0x4760000 end_va = 0x4768fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1313 start_va = 0x4760000 end_va = 0x4760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1314 start_va = 0x4760000 end_va = 0x4768fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1315 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1316 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1317 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1318 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1319 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1320 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1321 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1322 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1323 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1324 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1325 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1326 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1327 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1328 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1329 start_va = 0x6a8f0000 end_va = 0x6b001fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 1330 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1331 start_va = 0x4780000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 1332 start_va = 0x4790000 end_va = 0x479ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 1333 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1334 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1335 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1336 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1337 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1338 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1339 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1340 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1341 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1342 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1343 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1344 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1345 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1346 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1347 start_va = 0x4770000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1348 start_va = 0x4760000 end_va = 0x4770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004760000" filename = "" Region: id = 1349 start_va = 0x72580000 end_va = 0x7266efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 1350 start_va = 0x6a1d0000 end_va = 0x6a8e5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 1351 start_va = 0x724d0000 end_va = 0x72574fff monitored = 0 entry_point = 0x724eac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1352 start_va = 0x73d20000 end_va = 0x73d42fff monitored = 0 entry_point = 0x73d25570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1353 start_va = 0x73ad0000 end_va = 0x73adffff monitored = 0 entry_point = 0x73ad3820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 1354 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1355 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1356 start_va = 0x4780000 end_va = 0x4781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004780000" filename = "" Region: id = 1357 start_va = 0x4790000 end_va = 0x4790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004790000" filename = "" Region: id = 1358 start_va = 0x4810000 end_va = 0x48effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1359 start_va = 0x47a0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 1360 start_va = 0x48f0000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1361 start_va = 0x49f0000 end_va = 0x4a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 1362 start_va = 0x4a30000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1363 start_va = 0x700d0000 end_va = 0x7016afff monitored = 0 entry_point = 0x7010f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1364 start_va = 0x70170000 end_va = 0x70181fff monitored = 0 entry_point = 0x70174510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1365 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1366 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1367 start_va = 0x73ab0000 end_va = 0x73ac2fff monitored = 0 entry_point = 0x73ab25d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1368 start_va = 0x73a90000 end_va = 0x73aa3fff monitored = 0 entry_point = 0x73a93c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1369 start_va = 0x4b30000 end_va = 0x4b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1370 start_va = 0x4b70000 end_va = 0x4c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 1371 start_va = 0x47e0000 end_va = 0x47e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1372 start_va = 0x4c70000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 1373 start_va = 0x4cb0000 end_va = 0x4daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cb0000" filename = "" Region: id = 1374 start_va = 0x4db0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 1375 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1376 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1377 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1378 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1379 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1380 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1381 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1382 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1383 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1384 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1385 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1386 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1387 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1388 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1389 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1390 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1391 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1392 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1393 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1394 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1395 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1396 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1397 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1398 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1399 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1400 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1401 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1402 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1403 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1404 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1405 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1406 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1407 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1408 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1409 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1410 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1411 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1412 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1413 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1414 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1415 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1416 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1417 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1418 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1419 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1420 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1421 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1422 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1423 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1424 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1425 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1426 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1427 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1428 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1429 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1430 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1431 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1432 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1433 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1434 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1435 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1436 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1437 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1438 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1439 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1440 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1441 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1442 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1443 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1444 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1445 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1446 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1447 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1448 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1449 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1450 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1451 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1452 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1453 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1454 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1455 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1456 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1457 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1458 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1459 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1460 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1461 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1462 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1463 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1464 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1465 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1466 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1467 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1468 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1469 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1470 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1471 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1472 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1473 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1474 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1475 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1476 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1477 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1478 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1479 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1480 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1481 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1482 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1483 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1484 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1485 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1486 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1487 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1488 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1489 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1490 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1491 start_va = 0x4ef0000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 1492 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1493 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1494 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1495 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1496 start_va = 0x4f00000 end_va = 0x4f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1497 start_va = 0x6c500000 end_va = 0x6c509fff monitored = 0 entry_point = 0x6c503200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 1498 start_va = 0x6fef0000 end_va = 0x6ff53fff monitored = 0 entry_point = 0x6ff0afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 1499 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1500 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1501 start_va = 0x6fee0000 end_va = 0x6feeffff monitored = 0 entry_point = 0x6fee4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 1502 start_va = 0x6fec0000 end_va = 0x6fedffff monitored = 0 entry_point = 0x6fecd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1503 start_va = 0x6fe90000 end_va = 0x6febbfff monitored = 0 entry_point = 0x6feabb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1504 start_va = 0x6fe70000 end_va = 0x6fe89fff monitored = 0 entry_point = 0x6fe7fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 1505 start_va = 0x4f00000 end_va = 0x4f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1506 start_va = 0x4f40000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 1507 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1508 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1509 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1510 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1511 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1512 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1513 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1514 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1515 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1516 start_va = 0x5050000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1517 start_va = 0x70780000 end_va = 0x70835fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 1518 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1519 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1520 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1521 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1522 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1523 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1524 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1525 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1526 start_va = 0x5050000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1527 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1528 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1529 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1530 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1531 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1532 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1533 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1534 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1535 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1536 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1537 start_va = 0x5050000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1538 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1539 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1540 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1541 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1542 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1543 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1544 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1545 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1546 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1547 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1548 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1549 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1550 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1551 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1552 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1553 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1554 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1555 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1556 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1557 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1558 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1559 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1560 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 1561 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1562 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1563 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1564 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1565 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1566 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1567 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1568 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1569 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1570 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 1571 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1572 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1573 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1574 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1575 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1576 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1577 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1578 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1579 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1580 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1581 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1582 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1583 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1584 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1585 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1586 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1587 start_va = 0x642c0000 end_va = 0x64481fff monitored = 1 entry_point = 0x644791de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 1588 start_va = 0x5060000 end_va = 0x5221fff monitored = 1 entry_point = 0x52191de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 1589 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1590 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1591 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1592 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1593 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1594 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1595 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 1596 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1597 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1598 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1599 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1600 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1601 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1602 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1603 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1604 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1605 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1606 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1607 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1608 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1609 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1610 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1611 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1612 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1613 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1614 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 1615 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1616 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 1617 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1618 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1619 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1620 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1621 start_va = 0x5250000 end_va = 0x52defff monitored = 0 entry_point = 0x525dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1622 start_va = 0x70600000 end_va = 0x70691fff monitored = 0 entry_point = 0x7060dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1623 start_va = 0x5250000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1624 start_va = 0x5250000 end_va = 0x5250fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005250000" filename = "" Region: id = 1625 start_va = 0x52a0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 1626 start_va = 0x52b0000 end_va = 0x536bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052b0000" filename = "" Region: id = 1627 start_va = 0x5250000 end_va = 0x5253fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005250000" filename = "" Region: id = 1628 start_va = 0x5260000 end_va = 0x5263fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 1629 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1630 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 1631 start_va = 0x5370000 end_va = 0x576afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005370000" filename = "" Thread: id = 15 os_tid = 0x127c [0136.259] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0137.090] RoInitialize () returned 0x1 [0137.090] RoUninitialize () returned 0x0 [0138.896] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19e5dc | out: lpLuid=0x19e5dc*(LowPart=0x14, HighPart=0)) returned 1 [0138.898] GetCurrentProcess () returned 0xffffffff [0138.899] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19e5d8 | out: TokenHandle=0x19e5d8*=0x314) returned 1 [0138.899] AdjustTokenPrivileges (in: TokenHandle=0x314, DisableAllPrivileges=0, NewState=0x21631d4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0138.914] CloseHandle (hObject=0x314) returned 1 [0138.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x31694b0, Length=0x20000, ResultLength=0x19ecbc | out: SystemInformation=0x31694b0, ResultLength=0x19ecbc*=0x17038) returned 0x0 [0139.082] GetComputerNameW (in: lpBuffer=0x19ea94, nSize=0x19ed0c | out: lpBuffer="XC64ZB", nSize=0x19ed0c) returned 1 [0139.099] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19eac8 | out: lpTimeZoneInformation=0x19eac8) returned 0x2 [0139.102] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19e91c | out: pTimeZoneInformation=0x19e91c) returned 0x2 [0139.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea00 | out: phkResult=0x19ea00*=0x320) returned 0x0 [0139.136] RegQueryValueExW (in: hKey=0x320, lpValueName="TZI", lpReserved=0x0, lpType=0x19ea1c, lpData=0x0, lpcbData=0x19ea18*=0x0 | out: lpType=0x19ea1c*=0x3, lpData=0x0, lpcbData=0x19ea18*=0x2c) returned 0x0 [0139.136] RegQueryValueExW (in: hKey=0x320, lpValueName="TZI", lpReserved=0x0, lpType=0x19ea1c, lpData=0x218fa10, lpcbData=0x19ea18*=0x2c | out: lpType=0x19ea1c*=0x3, lpData=0x218fa10*, lpcbData=0x19ea18*=0x2c) returned 0x0 [0139.137] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e854 | out: phkResult=0x19e854*=0x0) returned 0x2 [0139.137] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19e9f4, lpData=0x0, lpcbData=0x19e9f0*=0x0 | out: lpType=0x19e9f4*=0x1, lpData=0x0, lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.138] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19e9f4, lpData=0x218ff1c, lpcbData=0x19e9f0*=0x20 | out: lpType=0x19e9f4*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.138] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19e9f4, lpData=0x0, lpcbData=0x19e9f0*=0x0 | out: lpType=0x19e9f4*=0x1, lpData=0x0, lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.138] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19e9f4, lpData=0x218ff74, lpcbData=0x19e9f0*=0x20 | out: lpType=0x19e9f4*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.138] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19e9f4, lpData=0x0, lpcbData=0x19e9f0*=0x0 | out: lpType=0x19e9f4*=0x1, lpData=0x0, lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.138] RegQueryValueExW (in: hKey=0x320, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19e9f4, lpData=0x218ffcc, lpcbData=0x19e9f0*=0x20 | out: lpType=0x19e9f4*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19e9f0*=0x20) returned 0x0 [0139.145] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.145] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5ab718 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0139.150] CoTaskMemFree (pv=0x5ab718) [0139.153] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.153] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath=0x5ab718, pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08 | out: pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08) returned 1 [0139.175] CoTaskMemFree (pv=0x0) [0139.175] CoTaskMemFree (pv=0x5ab718) [0139.176] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4760001 [0139.195] CoTaskMemAlloc (cb=0x3ec) returned 0x5b04d8 [0139.195] LoadStringW (in: hInstance=0x4760001, uID=0x140, lpBuffer=0x5b04d8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0139.196] CoTaskMemFree (pv=0x5b04d8) [0139.196] FreeLibrary (hLibModule=0x4760001) returned 1 [0139.196] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.196] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5ab718 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0139.196] CoTaskMemFree (pv=0x5ab718) [0139.197] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.197] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath=0x5ab718, pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08 | out: pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08) returned 1 [0139.199] CoTaskMemFree (pv=0x0) [0139.199] CoTaskMemFree (pv=0x5ab718) [0139.199] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4760001 [0139.202] CoTaskMemAlloc (cb=0x3ec) returned 0x5b04d8 [0139.202] LoadStringW (in: hInstance=0x4760001, uID=0x142, lpBuffer=0x5b04d8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0139.203] CoTaskMemFree (pv=0x5b04d8) [0139.203] FreeLibrary (hLibModule=0x4760001) returned 1 [0139.203] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.203] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5ab718 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0139.203] CoTaskMemFree (pv=0x5ab718) [0139.203] CoTaskMemAlloc (cb=0x20c) returned 0x5ab718 [0139.203] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath=0x5ab718, pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08 | out: pwszLanguage=0x0, pcchLanguage=0x19ea10, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ea14, pululEnumerator=0x19ea08) returned 1 [0139.206] CoTaskMemFree (pv=0x0) [0139.206] CoTaskMemFree (pv=0x5ab718) [0139.206] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4760001 [0139.208] CoTaskMemAlloc (cb=0x3ec) returned 0x5b04d8 [0139.208] LoadStringW (in: hInstance=0x4760001, uID=0x141, lpBuffer=0x5b04d8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0139.208] CoTaskMemFree (pv=0x5b04d8) [0139.208] FreeLibrary (hLibModule=0x4760001) returned 1 [0139.209] RegCloseKey (hKey=0x320) returned 0x0 [0139.734] GetACP () returned 0x4e4 [0139.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19dd54 | out: phkResult=0x19dd54*=0x330) returned 0x0 [0139.768] RegQueryValueExW (in: hKey=0x330, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19dd74, lpData=0x0, lpcbData=0x19dd70*=0x0 | out: lpType=0x19dd74*=0x1, lpData=0x0, lpcbData=0x19dd70*=0xe) returned 0x0 [0139.768] RegQueryValueExW (in: hKey=0x330, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19dd74, lpData=0x2199844, lpcbData=0x19dd70*=0xe | out: lpType=0x19dd74*=0x1, lpData="Client", lpcbData=0x19dd70*=0xe) returned 0x0 [0139.768] RegCloseKey (hKey=0x330) returned 0x0 [0140.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", nBufferLength=0x105, lpBuffer=0x19d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", lpFilePart=0x0) returned 0x3f [0140.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", nBufferLength=0x105, lpBuffer=0x19d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", lpFilePart=0x0) returned 0x3f [0140.596] GetCurrentProcess () returned 0xffffffff [0140.596] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19da70 | out: TokenHandle=0x19da70*=0x330) returned 1 [0140.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19d54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0140.601] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19da70 | out: lpFileInformation=0x19da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0140.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19da70 | out: lpFileInformation=0x19da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0140.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0140.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d99c) returned 1 [0140.603] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0140.604] GetFileType (hFile=0x328) returned 0x1 [0140.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d998) returned 1 [0140.604] GetFileType (hFile=0x328) returned 0x1 [0140.629] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x19da64 | out: lpFileSizeHigh=0x19da64*=0x0) returned 0x8c8f [0140.630] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19da20, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19da20*=0x1000, lpOverlapped=0x0) returned 1 [0140.644] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d8bc, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d8bc*=0x1000, lpOverlapped=0x0) returned 1 [0140.647] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d770, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d770*=0x1000, lpOverlapped=0x0) returned 1 [0140.648] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d770, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d770*=0x1000, lpOverlapped=0x0) returned 1 [0140.648] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d770, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d770*=0x1000, lpOverlapped=0x0) returned 1 [0140.649] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d6a8, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d6a8*=0x1000, lpOverlapped=0x0) returned 1 [0140.651] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d824, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d824*=0x1000, lpOverlapped=0x0) returned 1 [0140.653] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d738, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d738*=0x1000, lpOverlapped=0x0) returned 1 [0140.653] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d738, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d738*=0xc8f, lpOverlapped=0x0) returned 1 [0140.653] ReadFile (in: hFile=0x328, lpBuffer=0x219d160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d7f8, lpOverlapped=0x0 | out: lpBuffer=0x219d160*, lpNumberOfBytesRead=0x19d7f8*=0x0, lpOverlapped=0x0) returned 1 [0140.653] CloseHandle (hObject=0x328) returned 1 [0140.654] GetCurrentProcess () returned 0xffffffff [0140.654] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19db98 | out: TokenHandle=0x19db98*=0x328) returned 1 [0140.655] GetCurrentProcess () returned 0xffffffff [0140.655] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19db98 | out: TokenHandle=0x19db98*=0x334) returned 1 [0140.655] GetCurrentProcess () returned 0xffffffff [0140.655] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19da70 | out: TokenHandle=0x19da70*=0x338) returned 1 [0140.655] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regasm.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19da70 | out: lpFileInformation=0x19da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503a4f7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97b228e4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97b228e4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0140.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", nBufferLength=0x105, lpBuffer=0x19d518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", lpFilePart=0x0) returned 0x3f [0140.656] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regasm.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19da70 | out: lpFileInformation=0x19da70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503a4f7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97b228e4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97b228e4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0140.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", nBufferLength=0x105, lpBuffer=0x19d4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config", lpFilePart=0x0) returned 0x3f [0140.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19d99c) returned 1 [0140.656] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regasm.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x33c [0140.656] GetFileType (hFile=0x33c) returned 0x1 [0140.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d998) returned 1 [0140.656] GetFileType (hFile=0x33c) returned 0x1 [0140.656] GetFileSize (in: hFile=0x33c, lpFileSizeHigh=0x19da64 | out: lpFileSizeHigh=0x19da64*=0x0) returned 0x119 [0140.656] ReadFile (in: hFile=0x33c, lpBuffer=0x21b568c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19da20, lpOverlapped=0x0 | out: lpBuffer=0x21b568c*, lpNumberOfBytesRead=0x19da20*=0x119, lpOverlapped=0x0) returned 1 [0140.657] ReadFile (in: hFile=0x33c, lpBuffer=0x21b568c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19d8e4, lpOverlapped=0x0 | out: lpBuffer=0x21b568c*, lpNumberOfBytesRead=0x19d8e4*=0x0, lpOverlapped=0x0) returned 1 [0140.657] CloseHandle (hObject=0x33c) returned 1 [0140.657] GetCurrentProcess () returned 0xffffffff [0140.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19db98 | out: TokenHandle=0x19db98*=0x33c) returned 1 [0140.657] GetCurrentProcess () returned 0xffffffff [0140.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19db98 | out: TokenHandle=0x19db98*=0x340) returned 1 [0140.771] GetCurrentProcess () returned 0xffffffff [0140.771] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d95c | out: TokenHandle=0x19d95c*=0x344) returned 1 [0140.789] GetCurrentProcess () returned 0xffffffff [0140.789] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d970 | out: TokenHandle=0x19d970*=0x348) returned 1 [0141.370] CoTaskMemAlloc (cb=0xcc0) returned 0x5c09c0 [0141.370] RasEnumConnectionsW (in: param_1=0x5c09c0, param_2=0x19ec1c, param_3=0x19ec20 | out: param_1=0x5c09c0, param_2=0x19ec1c, param_3=0x19ec20) returned 0x0 [0141.564] CoTaskMemFree (pv=0x5c09c0) [0141.958] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19ea04 | out: lpWSAData=0x19ea04) returned 0 [0141.966] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3a4 [0142.806] setsockopt (s=0x3a4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0142.807] closesocket (s=0x3a4) returned 0 [0142.807] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3a4 [0142.808] setsockopt (s=0x3a4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0142.809] closesocket (s=0x3a4) returned 0 [0142.814] GetCurrentProcess () returned 0xffffffff [0142.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7b8 | out: TokenHandle=0x19e7b8*=0x3a4) returned 1 [0142.819] GetCurrentProcess () returned 0xffffffff [0142.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7cc | out: TokenHandle=0x19e7cc*=0x3a8) returned 1 [0142.855] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3ac [0142.856] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0142.857] ioctlsocket (in: s=0x3ac, cmd=-2147195266, argp=0x19ec24 | out: argp=0x19ec24) returned 0 [0142.857] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b4 [0142.858] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0142.858] ioctlsocket (in: s=0x3b4, cmd=-2147195266, argp=0x19ec24 | out: argp=0x19ec24) returned 0 [0142.858] WSAIoctl (in: s=0x3ac, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ec0c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ec0c, lpOverlapped=0x0) returned -1 [0142.860] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e93c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0142.963] WSAEventSelect (s=0x3ac, hEventObject=0x3b0, lNetworkEvents=512) returned 0 [0142.963] WSAIoctl (in: s=0x3b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ec0c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ec0c, lpOverlapped=0x0) returned -1 [0142.963] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e93c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0142.963] WSAEventSelect (s=0x3b4, hEventObject=0x3b8, lNetworkEvents=512) returned 0 [0142.963] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0142.964] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x3c0, param_3=0x3) returned 0x0 [0142.972] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19ec38 | out: phkResult=0x19ec38*=0x3d8) returned 0x0 [0142.972] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ebe8 | out: phkResult=0x19ebe8*=0x3dc) returned 0x0 [0142.973] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0142.973] RegNotifyChangeKeyValue (hKey=0x3dc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3e0, fAsynchronous=1) returned 0x0 [0142.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ebec | out: phkResult=0x19ebec*=0x3e4) returned 0x0 [0142.974] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8 [0142.974] RegNotifyChangeKeyValue (hKey=0x3e4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3e8, fAsynchronous=1) returned 0x0 [0142.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ebec | out: phkResult=0x19ebec*=0x3ec) returned 0x0 [0142.975] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f0 [0142.975] RegNotifyChangeKeyValue (hKey=0x3ec, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x3f0, fAsynchronous=1) returned 0x0 [0142.975] GetCurrentProcess () returned 0xffffffff [0142.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ebe0 | out: TokenHandle=0x19ebe0*=0x3f4) returned 1 [0142.979] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e4f0 | out: phkResult=0x19e4f0*=0x3f8) returned 0x0 [0142.980] RegQueryValueExW (in: hKey=0x3f8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19e50c, lpData=0x0, lpcbData=0x19e508*=0x0 | out: lpType=0x19e50c*=0x0, lpData=0x0, lpcbData=0x19e508*=0x0) returned 0x2 [0142.980] RegCloseKey (hKey=0x3f8) returned 0x0 [0143.465] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5c9568 [0144.039] WinHttpSetTimeouts (hInternet=0x5c9568, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0144.039] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19ebec | out: pProxyConfig=0x19ebec) returned 1 [0145.200] SystemFunction041 (in: Memory=0x5b9594, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x5b9594) returned 0x0 [0145.302] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450 [0145.302] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x45c [0145.307] GetCurrentProcess () returned 0xffffffff [0145.307] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7d8 | out: TokenHandle=0x19e7d8*=0x460) returned 1 [0145.309] GetCurrentProcess () returned 0xffffffff [0145.309] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7ec | out: TokenHandle=0x19e7ec*=0x464) returned 1 [0145.316] QueryPerformanceFrequency (in: lpFrequency=0x6664c8 | out: lpFrequency=0x6664c8*=100000000) returned 1 [0145.317] QueryPerformanceCounter (in: lpPerformanceCount=0x19ebf4 | out: lpPerformanceCount=0x19ebf4*=1320310462076) returned 1 [0145.318] GetCurrentProcess () returned 0xffffffff [0145.318] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7bc | out: TokenHandle=0x19e7bc*=0x468) returned 1 [0145.320] GetCurrentProcess () returned 0xffffffff [0145.320] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e7d0 | out: TokenHandle=0x19e7d0*=0x46c) returned 1 [0145.324] GetCurrentProcess () returned 0xffffffff [0145.324] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eadc | out: TokenHandle=0x19eadc*=0x470) returned 1 [0145.325] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19eb08 | out: phkResult=0x19eb08*=0x474) returned 0x0 [0145.325] RegOpenKeyExW (in: hKey=0x474, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eab8 | out: phkResult=0x19eab8*=0x478) returned 0x0 [0145.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x47c [0145.325] RegNotifyChangeKeyValue (hKey=0x478, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x47c, fAsynchronous=1) returned 0x0 [0145.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eabc | out: phkResult=0x19eabc*=0x480) returned 0x0 [0145.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484 [0145.325] RegNotifyChangeKeyValue (hKey=0x480, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x484, fAsynchronous=1) returned 0x0 [0145.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eabc | out: phkResult=0x19eabc*=0x488) returned 0x0 [0145.325] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x48c [0145.325] RegNotifyChangeKeyValue (hKey=0x488, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x48c, fAsynchronous=1) returned 0x0 [0145.326] GetCurrentProcess () returned 0xffffffff [0145.326] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eab0 | out: TokenHandle=0x19eab0*=0x490) returned 1 [0145.326] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5c4830 [0145.326] WinHttpSetTimeouts (hInternet=0x5c4830, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0145.327] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19eabc | out: pProxyConfig=0x19eabc) returned 1 [0145.381] CoTaskMemAlloc (cb=0x20c) returned 0x5d8fe8 [0145.381] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x5d8fe8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0145.381] CoTaskMemFree (pv=0x5d8fe8) [0145.381] CoTaskMemAlloc (cb=0x20c) returned 0x5d8fe8 [0145.381] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x5d8fe8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0145.381] CoTaskMemFree (pv=0x5d8fe8) [0145.391] EtwEventRegister (in: ProviderId=0x21c392c, EnableCallback=0x48005fe, CallbackContext=0x0, RegHandle=0x21c3908 | out: RegHandle=0x21c3908) returned 0x0 [0145.394] EtwEventSetInformation (RegHandle=0x5c7b28, InformationClass=0x51, EventInformation=0x2, InformationLength=0x21c38c8) returned 0x0 [0145.397] GetCurrentProcess () returned 0xffffffff [0145.397] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e784 | out: TokenHandle=0x19e784*=0x49c) returned 1 [0145.398] GetCurrentProcess () returned 0xffffffff [0145.398] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e798 | out: TokenHandle=0x19e798*=0x4a0) returned 1 [0145.407] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea58*=0x3c0, lpdwindex=0x19e874 | out: lpdwindex=0x19e874) returned 0x80010115 [0146.405] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea38*=0x3b0, lpdwindex=0x19e854 | out: lpdwindex=0x19e854) returned 0x80010115 [0146.405] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea38*=0x3b8, lpdwindex=0x19e854 | out: lpdwindex=0x19e854) returned 0x0 [0146.405] WSAIoctl (in: s=0x3b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ea94, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ea94, lpOverlapped=0x0) returned -1 [0146.406] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e7c4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0146.406] WSAEventSelect (s=0x3b4, hEventObject=0x3b8, lNetworkEvents=512) returned 0 [0146.406] CoTaskMemAlloc (cb=0xcc0) returned 0x5d0798 [0146.406] RasEnumConnectionsW (in: param_1=0x5d0798, param_2=0x19eac0, param_3=0x19eac4 | out: param_1=0x5d0798, param_2=0x19eac0, param_3=0x19eac4) returned 0x0 [0146.407] CoTaskMemFree (pv=0x5d0798) [0146.420] GetCurrentProcess () returned 0xffffffff [0146.420] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea3c | out: TokenHandle=0x19ea3c*=0x4c4) returned 1 [0146.504] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19ea30 | out: pProxyConfig=0x19ea30) returned 1 [0146.511] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea8c*=0x3e0, lpdwindex=0x19e8ac | out: lpdwindex=0x19e8ac) returned 0x80010115 [0146.511] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea8c*=0x3e8, lpdwindex=0x19e8ac | out: lpdwindex=0x19e8ac) returned 0x80010115 [0146.511] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ea8c*=0x3f0, lpdwindex=0x19e8ac | out: lpdwindex=0x19e8ac) returned 0x80010115 [0146.515] GetCurrentProcess () returned 0xffffffff [0146.515] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e728 | out: TokenHandle=0x19e728*=0x4c8) returned 1 [0146.516] GetCurrentProcess () returned 0xffffffff [0146.516] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e73c | out: TokenHandle=0x19e73c*=0x4cc) returned 1 [0146.517] SetEvent (hEvent=0x450) returned 1 [0146.541] EtwEventRegister (in: ProviderId=0x21c6a78, EnableCallback=0x4800626, CallbackContext=0x0, RegHandle=0x21c6a54 | out: RegHandle=0x21c6a54) returned 0x0 [0146.541] EtwEventSetInformation (RegHandle=0x5c7238, InformationClass=0x52, EventInformation=0x2, InformationLength=0x21c6a18) returned 0x0 [0146.542] SetEvent (hEvent=0x450) returned 1 [0146.549] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19ea70 | out: pFixedInfo=0x0, pOutBufLen=0x19ea70) returned 0x6f [0147.512] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5d2df8 [0147.512] GetNetworkParams (in: pFixedInfo=0x5d2df8, pOutBufLen=0x19ea70 | out: pFixedInfo=0x5d2df8, pOutBufLen=0x19ea70) returned 0x0 [0147.528] LocalFree (hMem=0x5d2df8) returned 0x0 [0147.529] CoTaskMemAlloc (cb=0x20c) returned 0x5d2df8 [0147.529] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x5d2df8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0147.529] CoTaskMemFree (pv=0x5d2df8) [0147.529] CoTaskMemAlloc (cb=0x20c) returned 0x5d2df8 [0147.529] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x5d2df8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0147.529] CoTaskMemFree (pv=0x5d2df8) [0147.538] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x52c [0147.540] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4fc [0147.541] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19e960*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19e908 | out: ppResult=0x19e908*=0x5d89e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x5d16a0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5d87d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1640*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5d8a08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d17a8*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5d8a58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1760*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5d8ad0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d18b0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5d8828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1730*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x5d8aa8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1778*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))))) returned 0 [0147.974] FreeAddrInfoW (pAddrInfo=0x5d89e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x5d16a0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5d87d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1640*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5d8a08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d17a8*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5d8a58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1760*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5d8ad0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d18b0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5d8828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1730*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x5d8aa8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1778*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))))) [0147.976] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19e960*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19e908 | out: ppResult=0x19e908*=0x5d87d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x5d16e8*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5d8a80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1760*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5d8a08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1718*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5d8828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d15e0*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5d8ad0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d17f0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5d8738*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1868*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x5d89e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d15f8*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))))) returned 0 [0147.982] FreeAddrInfoW (pAddrInfo=0x5d87d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x5d16e8*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x5d8a80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1760*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x5d8a08*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1718*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x5d8828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d15e0*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x5d8ad0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d17f0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x5d8738*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1868*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x5d89e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d15f8*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))))) [0147.983] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x538 [0147.983] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x53c [0147.983] ioctlsocket (in: s=0x538, cmd=-2147195266, argp=0x19e938 | out: argp=0x19e938) returned 0 [0147.983] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x540 [0147.983] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x544 [0147.983] ioctlsocket (in: s=0x540, cmd=-2147195266, argp=0x19e938 | out: argp=0x19e938) returned 0 [0147.983] WSAIoctl (in: s=0x538, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19e920, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19e920, lpOverlapped=0x0) returned -1 [0147.983] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e650, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0147.983] WSAEventSelect (s=0x538, hEventObject=0x53c, lNetworkEvents=512) returned 0 [0147.983] WSAIoctl (in: s=0x540, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19e920, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19e920, lpOverlapped=0x0) returned -1 [0147.984] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19e650, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0147.984] WSAEventSelect (s=0x540, hEventObject=0x544, lNetworkEvents=512) returned 0 [0147.984] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19e91c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19e91c*=0xa78) returned 0x6f [0147.987] LocalAlloc (uFlags=0x0, uBytes=0xa78) returned 0x5de3f8 [0147.987] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5de3f8, SizePointer=0x19e91c*=0xa78 | out: AdapterAddresses=0x5de3f8*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x5de6a0, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x5de614, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x54, [1]=0x3, [2]=0xf5, [3]=0xb3, [4]=0x8, [5]=0x74, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x5de570*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x19e91c*=0xa78) returned 0x0 [0147.997] LocalFree (hMem=0x5de3f8) returned 0x0 [0148.000] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e92c | out: phkResult=0x19e92c*=0x548) returned 0x0 [0148.000] RegQueryValueExW (in: hKey=0x548, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19e948, lpData=0x0, lpcbData=0x19e944*=0x0 | out: lpType=0x19e948*=0x0, lpData=0x0, lpcbData=0x19e944*=0x0) returned 0x2 [0148.000] RegCloseKey (hKey=0x548) returned 0x0 [0148.004] WSAConnect (in: s=0x52c, name=0x21d0604*(sa_family=2, sin_port=0x50, sin_addr="132.226.8.169"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0148.275] closesocket (s=0x4fc) returned 0 [0148.279] send (s=0x52c, buf=0x21d1230*, len=151, flags=0) returned 151 [0148.281] setsockopt (s=0x52c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0148.282] recv (in: s=0x52c, buf=0x21cb53c, len=4096, flags=0 | out: buf=0x21cb53c*) returned 275 [0148.769] setsockopt (s=0x52c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0148.770] SetEvent (hEvent=0x450) returned 1 [0148.796] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19eba4 | out: phkResult=0x19eba4*=0x4fc) returned 0x0 [0148.797] RegOpenKeyExW (in: hKey=0x4fc, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eb54 | out: phkResult=0x19eb54*=0x548) returned 0x0 [0148.797] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0148.797] RegNotifyChangeKeyValue (hKey=0x548, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x54c, fAsynchronous=1) returned 0x0 [0148.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eb58 | out: phkResult=0x19eb58*=0x550) returned 0x0 [0148.797] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x554 [0148.797] RegNotifyChangeKeyValue (hKey=0x550, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x554, fAsynchronous=1) returned 0x0 [0148.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eb58 | out: phkResult=0x19eb58*=0x558) returned 0x0 [0148.797] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x55c [0148.797] RegNotifyChangeKeyValue (hKey=0x558, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x55c, fAsynchronous=1) returned 0x0 [0148.798] GetCurrentProcess () returned 0xffffffff [0148.798] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eb4c | out: TokenHandle=0x19eb4c*=0x560) returned 1 [0148.798] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x5e1070 [0148.798] WinHttpSetTimeouts (hInternet=0x5e1070, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0148.798] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19eb58 | out: pProxyConfig=0x19eb58) returned 1 [0148.806] QueryPerformanceCounter (in: lpPerformanceCount=0x19eb60 | out: lpPerformanceCount=0x19eb60*=1320659353346) returned 1 [0148.806] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9c4*=0x3c0, lpdwindex=0x19e7e4 | out: lpdwindex=0x19e7e4) returned 0x80010115 [0148.806] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9a4*=0x3b0, lpdwindex=0x19e7c4 | out: lpdwindex=0x19e7c4) returned 0x80010115 [0148.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9a4*=0x3b8, lpdwindex=0x19e7c4 | out: lpdwindex=0x19e7c4) returned 0x80010115 [0148.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9f8*=0x54c, lpdwindex=0x19e814 | out: lpdwindex=0x19e814) returned 0x80010115 [0148.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9f8*=0x554, lpdwindex=0x19e814 | out: lpdwindex=0x19e814) returned 0x80010115 [0148.808] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e9f8*=0x55c, lpdwindex=0x19e814 | out: lpdwindex=0x19e814) returned 0x80010115 [0148.808] SetEvent (hEvent=0x450) returned 1 [0148.809] select (in: nfds=0, readfds=0x21d4cf4, writefds=0x0, exceptfds=0x0, timeout=0x19ea5c*(tv_sec=0, tv_usec=0) | out: readfds=0x21d4cf4, writefds=0x0, exceptfds=0x0) returned 0 [0148.809] send (s=0x52c, buf=0x21d1230*, len=127, flags=0) returned 127 [0148.809] setsockopt (s=0x52c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0148.809] recv (in: s=0x52c, buf=0x21cb53c, len=4096, flags=0 | out: buf=0x21cb53c*) returned 275 [0149.089] setsockopt (s=0x52c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0149.089] SetEvent (hEvent=0x450) returned 1 [0150.487] QueryPerformanceCounter (in: lpPerformanceCount=0x19e404 | out: lpPerformanceCount=0x19e404*=1320827497562) returned 1 [0150.487] SetEvent (hEvent=0x450) returned 1 [0150.488] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e238*=0x3c0, lpdwindex=0x19e054 | out: lpdwindex=0x19e054) returned 0x80010115 [0150.488] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e218*=0x3b0, lpdwindex=0x19e034 | out: lpdwindex=0x19e034) returned 0x80010115 [0150.488] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e218*=0x3b8, lpdwindex=0x19e034 | out: lpdwindex=0x19e034) returned 0x80010115 [0150.489] GetCurrentProcess () returned 0xffffffff [0150.489] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e21c | out: TokenHandle=0x19e21c*=0x56c) returned 1 [0150.489] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19e210 | out: pProxyConfig=0x19e210) returned 1 [0150.496] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e26c*=0x47c, lpdwindex=0x19e08c | out: lpdwindex=0x19e08c) returned 0x80010115 [0150.497] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e26c*=0x484, lpdwindex=0x19e08c | out: lpdwindex=0x19e08c) returned 0x80010115 [0150.497] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e26c*=0x48c, lpdwindex=0x19e08c | out: lpdwindex=0x19e08c) returned 0x80010115 [0150.499] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x578 [0150.499] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x57c [0150.499] GetAddrInfoW (in: pNodeName="freegeoip.app", pServiceName=0x0, pHints=0x19e16c*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19e114 | out: ppResult=0x19e114*=0x5d8c88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x5d17c0*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x5d7f90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1730*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) returned 0 [0150.511] FreeAddrInfoW (pAddrInfo=0x5d8c88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x5d17c0*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x5d7f90*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5d1730*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) [0150.511] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e0b4*=0x53c, lpdwindex=0x19ded4 | out: lpdwindex=0x19ded4) returned 0x80010115 [0150.511] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19e0b4*=0x544, lpdwindex=0x19ded4 | out: lpdwindex=0x19ded4) returned 0x80010115 [0150.511] WSAConnect (in: s=0x578, name=0x21ee190*(sa_family=2, sin_port=0x1bb, sin_addr="172.67.188.154"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0150.532] closesocket (s=0x57c) returned 0 [0150.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cb98 | out: phkResult=0x19cb98*=0x0) returned 0x2 [0150.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e0b0 | out: phkResult=0x19e0b0*=0x57c) returned 0x0 [0150.545] RegQueryValueExW (in: hKey=0x57c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19e0cc, lpData=0x0, lpcbData=0x19e0c8*=0x0 | out: lpType=0x19e0cc*=0x0, lpData=0x0, lpcbData=0x19e0c8*=0x0) returned 0x2 [0150.545] RegCloseKey (hKey=0x57c) returned 0x0 [0150.675] EnumerateSecurityPackagesW (in: pcPackages=0x19e0bc, ppPackageInfo=0x19e050 | out: pcPackages=0x19e0bc, ppPackageInfo=0x19e050) returned 0x0 [0150.686] FreeContextBuffer (in: pvContextBuffer=0x5dd3c8 | out: pvContextBuffer=0x5dd3c8) returned 0x0 [0150.695] GetCurrentProcess () returned 0xffffffff [0150.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19de9c | out: TokenHandle=0x19de9c*=0x584) returned 1 [0150.696] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x21ef868, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19def0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x21f0d70, ptsExpiry=0x19de74 | out: phCredential=0x21f0d70, ptsExpiry=0x19de74) returned 0x0 [0151.810] InitializeSecurityContextW (in: phCredential=0x19deb4, phContext=0x0, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f0efc, pfContextAttr=0x21ef83c, ptsExpiry=0x19deac | out: phNewContext=0x21f0f64, pOutput=0x21f0efc, pfContextAttr=0x21ef83c, ptsExpiry=0x19deac) returned 0x90312 [0151.811] FreeContextBuffer (in: pvContextBuffer=0x5ba5b0 | out: pvContextBuffer=0x5ba5b0) returned 0x0 [0151.817] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74530000 [0151.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x19defc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0151.818] GetProcAddress (hModule=0x74530000, lpProcName="GetCurrentPackageId") returned 0x76cdded0 [0151.819] GetCurrentPackageId () returned 0x3d54 [0151.820] send (s=0x578, buf=0x21f0f78*, len=125, flags=0) returned 125 [0151.838] recv (in: s=0x578, buf=0x21f0f78, len=5, flags=0 | out: buf=0x21f0f78*) returned 5 [0151.840] recv (in: s=0x578, buf=0x21f0f7d, len=67, flags=0 | out: buf=0x21f0f7d*) returned 67 [0151.841] InitializeSecurityContextW (in: phCredential=0x19de18, phContext=0x19dea4, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f14a4, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f14b8, pfContextAttr=0x21ef83c, ptsExpiry=0x19de10 | out: phNewContext=0x21f0f64, pOutput=0x21f14b8, pfContextAttr=0x21ef83c, ptsExpiry=0x19de10) returned 0x90312 [0151.843] recv (in: s=0x578, buf=0x21f1548, len=5, flags=0 | out: buf=0x21f1548*) returned 5 [0151.843] recv (in: s=0x578, buf=0x21f1561, len=2353, flags=0 | out: buf=0x21f1561*) returned 2353 [0151.843] InitializeSecurityContextW (in: phCredential=0x19dd80, phContext=0x19de0c, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f1f04, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f1f18, pfContextAttr=0x21ef83c, ptsExpiry=0x19dd78 | out: phNewContext=0x21f0f64, pOutput=0x21f1f18, pfContextAttr=0x21ef83c, ptsExpiry=0x19dd78) returned 0x90312 [0151.845] recv (in: s=0x578, buf=0x21f1fa8, len=5, flags=0 | out: buf=0x21f1fa8*) returned 5 [0151.846] recv (in: s=0x578, buf=0x21f1fc1, len=146, flags=0 | out: buf=0x21f1fc1*) returned 146 [0151.846] InitializeSecurityContextW (in: phCredential=0x19dce8, phContext=0x19dd74, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f20c4, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f20d8, pfContextAttr=0x21ef83c, ptsExpiry=0x19dce0 | out: phNewContext=0x21f0f64, pOutput=0x21f20d8, pfContextAttr=0x21ef83c, ptsExpiry=0x19dce0) returned 0x90312 [0151.847] recv (in: s=0x578, buf=0x21f2168, len=5, flags=0 | out: buf=0x21f2168*) returned 5 [0151.847] recv (in: s=0x578, buf=0x21f2181, len=4, flags=0 | out: buf=0x21f2181*) returned 4 [0151.847] InitializeSecurityContextW (in: phCredential=0x19dc50, phContext=0x19dcdc, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f21f8, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f220c, pfContextAttr=0x21ef83c, ptsExpiry=0x19dc48 | out: phNewContext=0x21f0f64, pOutput=0x21f220c, pfContextAttr=0x21ef83c, ptsExpiry=0x19dc48) returned 0x90312 [0151.866] FreeContextBuffer (in: pvContextBuffer=0x5da890 | out: pvContextBuffer=0x5da890) returned 0x0 [0151.866] send (s=0x578, buf=0x21f2288*, len=134, flags=0) returned 134 [0151.867] recv (in: s=0x578, buf=0x21f2288, len=5, flags=0 | out: buf=0x21f2288*) returned 5 [0151.883] recv (in: s=0x578, buf=0x21f2335, len=202, flags=0 | out: buf=0x21f2335*) returned 202 [0151.883] InitializeSecurityContextW (in: phCredential=0x19dbb8, phContext=0x19dc44, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f2470, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f2484, pfContextAttr=0x21ef83c, ptsExpiry=0x19dbb0 | out: phNewContext=0x21f0f64, pOutput=0x21f2484, pfContextAttr=0x21ef83c, ptsExpiry=0x19dbb0) returned 0x90312 [0151.883] recv (in: s=0x578, buf=0x21f2514, len=5, flags=0 | out: buf=0x21f2514*) returned 5 [0151.884] recv (in: s=0x578, buf=0x21f252d, len=1, flags=0 | out: buf=0x21f252d*) returned 1 [0151.884] InitializeSecurityContextW (in: phCredential=0x19db20, phContext=0x19dbac, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f25a0, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f25b4, pfContextAttr=0x21ef83c, ptsExpiry=0x19db18 | out: phNewContext=0x21f0f64, pOutput=0x21f25b4, pfContextAttr=0x21ef83c, ptsExpiry=0x19db18) returned 0x90312 [0151.884] recv (in: s=0x578, buf=0x21f2644, len=5, flags=0 | out: buf=0x21f2644*) returned 5 [0151.884] recv (in: s=0x578, buf=0x21f265d, len=48, flags=0 | out: buf=0x21f265d*) returned 48 [0151.884] InitializeSecurityContextW (in: phCredential=0x19da88, phContext=0x19db14, pTargetName=0x21ee1dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21f2700, Reserved2=0x0, phNewContext=0x21f0f64, pOutput=0x21f2714, pfContextAttr=0x21ef83c, ptsExpiry=0x19da80 | out: phNewContext=0x21f0f64, pOutput=0x21f2714, pfContextAttr=0x21ef83c, ptsExpiry=0x19da80) returned 0x0 [0152.740] QueryContextAttributesW (in: phContext=0x21f0f64, ulAttribute=0x4, pBuffer=0x21f27c0 | out: pBuffer=0x21f27c0) returned 0x0 [0152.740] QueryContextAttributesW (in: phContext=0x21f0f64, ulAttribute=0x5a, pBuffer=0x21f2818 | out: pBuffer=0x21f2818) returned 0x0 [0152.745] QueryContextAttributesW (in: phContext=0x21f0f64, ulAttribute=0x53, pBuffer=0x21f2acc | out: pBuffer=0x21f2acc) returned 0x0 [0152.750] CertDuplicateCertificateContext (pCertContext=0x5a4ec0) returned 0x5a4ec0 [0152.750] CertDuplicateStore (hCertStore=0x5bffb0) returned 0x5bffb0 [0152.750] CertEnumCertificatesInStore (hCertStore=0x5bffb0, pPrevCertContext=0x0) returned 0x568e60 [0152.751] CertDuplicateCertificateContext (pCertContext=0x568e60) returned 0x568e60 [0152.751] CertEnumCertificatesInStore (hCertStore=0x5bffb0, pPrevCertContext=0x568e60) returned 0x5a4ec0 [0152.751] CertDuplicateCertificateContext (pCertContext=0x5a4ec0) returned 0x5a4ec0 [0152.751] CertEnumCertificatesInStore (hCertStore=0x5bffb0, pPrevCertContext=0x5a4ec0) returned 0x0 [0152.751] CertCloseStore (hCertStore=0x5bffb0, dwFlags=0x0) returned 1 [0152.751] CertFreeCertificateContext (pCertContext=0x5a4ec0) returned 1 [0152.760] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x5bfd58 [0152.761] CertAddCRLLinkToStore (in: hCertStore=0x5bfd58, pCrlContext=0x568e60, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0152.762] CertAddCRLLinkToStore (in: hCertStore=0x5bfd58, pCrlContext=0x5a4ec0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0152.766] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x5a4ec0, pTime=0x19da94, hAdditionalStore=0x5bfd58, pChainPara=0x19d9d4, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19d9c8 | out: ppChainContext=0x19d9c8) returned 1 [0152.779] CertDuplicateCertificateChain (pChainContext=0x5f3438) returned 0x5f3438 [0152.780] CertDuplicateCertificateContext (pCertContext=0x5a4ec0) returned 0x5a4ec0 [0152.780] CertDuplicateCertificateContext (pCertContext=0x5defa0) returned 0x5defa0 [0152.780] CertDuplicateCertificateContext (pCertContext=0x5df1d0) returned 0x5df1d0 [0152.780] CertFreeCertificateChain (pChainContext=0x5f3438) [0152.781] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5f3438, pPolicyPara=0x19db74, pPolicyStatus=0x19db60 | out: pPolicyStatus=0x19db60) returned 1 [0152.782] SetLastError (dwErrCode=0x0) [0152.784] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5f3438, pPolicyPara=0x19dbe0, pPolicyStatus=0x19db88 | out: pPolicyStatus=0x19db88) returned 1 [0152.788] CertFreeCertificateChain (pChainContext=0x5f3438) [0152.788] CertFreeCertificateContext (pCertContext=0x5a4ec0) returned 1 [0152.791] CoTaskMemAlloc (cb=0x20c) returned 0x5ed440 [0152.791] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5ed440, nSize=0x104 | out: lpBuffer="") returned 0x0 [0152.791] CoTaskMemFree (pv=0x5ed440) [0152.791] CoTaskMemAlloc (cb=0x20c) returned 0x5ed440 [0152.791] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5ed440, nSize=0x104 | out: lpBuffer="") returned 0x0 [0152.791] CoTaskMemFree (pv=0x5ed440) [0152.791] CoTaskMemAlloc (cb=0x20c) returned 0x5ed440 [0152.791] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5ed440, nSize=0x104 | out: lpBuffer="") returned 0x0 [0152.792] CoTaskMemFree (pv=0x5ed440) [0152.792] CoTaskMemAlloc (cb=0x20c) returned 0x5ed440 [0152.792] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5ed440, nSize=0x104 | out: lpBuffer="") returned 0x0 [0152.792] CoTaskMemFree (pv=0x5ed440) [0152.793] EncryptMessage (in: phContext=0x21f0f64, fQOP=0x0, pMessage=0x21facdc, MessageSeqNo=0x0 | out: pMessage=0x21facdc) returned 0x0 [0152.793] send (s=0x578, buf=0x21f97b4*, len=117, flags=0) returned 117 [0152.794] setsockopt (s=0x578, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0152.796] recv (in: s=0x578, buf=0x2206f74, len=5, flags=0 | out: buf=0x2206f74*) returned 5 [0152.837] recv (in: s=0x578, buf=0x2206f79, len=1264, flags=0 | out: buf=0x2206f79*) returned 1264 [0152.838] DecryptMessage (in: phContext=0x21f0f64, pMessage=0x220b034, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x220b034, pfQOP=0x0) returned 0x0 [0152.840] setsockopt (s=0x578, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0152.947] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19f3a8 | out: phkResult=0x19f3a8*=0x664) returned 0x0 [0152.948] RegQueryValueExW (in: hKey=0x664, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x19f400, lpData=0x0, lpcbData=0x19f3fc*=0x0 | out: lpType=0x19f400*=0x4, lpData=0x0, lpcbData=0x19f3fc*=0x4) returned 0x0 [0152.948] RegSetValueExW (in: hKey=0x664, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x19f420*=0x1, cbData=0x4 | out: lpData=0x19f420*=0x1) returned 0x0 [0152.949] RegCloseKey (hKey=0x664) returned 0x0 [0153.005] CoTaskMemAlloc (cb=0x20c) returned 0x5f3438 [0153.005] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5f3438 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0153.006] CoTaskMemFree (pv=0x5f3438) [0153.006] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0153.048] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x0) returned 0x2 [0153.049] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x0) returned 0x2 [0153.049] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x0) returned 0x2 [0153.049] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x674) returned 0x0 [0153.049] RegQueryInfoKeyW (in: hKey=0x674, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f244, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f240, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f244*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f240*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.050] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x0, lpName=0x22136c4, lpcchName=0x19f260, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f260, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.050] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x1, lpName=0x22136c4, lpcchName=0x19f260, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f260, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.050] RegEnumKeyExW (in: hKey=0x674, dwIndex=0x2, lpName=0x22136c4, lpcchName=0x19f260, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f260, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.050] RegOpenKeyExW (in: hKey=0x674, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x664) returned 0x0 [0153.051] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.051] RegQueryValueExW (in: hKey=0x664, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegCloseKey (hKey=0x664) returned 0x0 [0153.052] RegOpenKeyExW (in: hKey=0x674, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x664) returned 0x0 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x1, lpData=0x0, lpcbData=0x19f238*=0x1e) returned 0x0 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x2213c00, lpcbData=0x19f238*=0x1e | out: lpType=0x19f23c*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f238*=0x1e) returned 0x0 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x3, lpData=0x0, lpcbData=0x19f238*=0x121) returned 0x0 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x2213c58, lpcbData=0x19f238*=0x121 | out: lpType=0x19f23c*=0x3, lpData=0x2213c58*, lpcbData=0x19f238*=0x121) returned 0x0 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.052] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x3, lpData=0x0, lpcbData=0x19f238*=0x121) returned 0x0 [0153.053] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x2213d88, lpcbData=0x19f238*=0x121 | out: lpType=0x19f23c*=0x3, lpData=0x2213d88*, lpcbData=0x19f238*=0x121) returned 0x0 [0153.053] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x3, lpData=0x0, lpcbData=0x19f238*=0x121) returned 0x0 [0153.053] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x2213eb8, lpcbData=0x19f238*=0x121 | out: lpType=0x19f23c*=0x3, lpData=0x2213eb8*, lpcbData=0x19f238*=0x121) returned 0x0 [0153.175] CryptUnprotectData (in: pDataIn=0x19f200, ppszDataDescr=0x0, pOptionalEntropy=0x19f1f8, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f208 | out: ppszDataDescr=0x0, pDataOut=0x19f208) returned 1 [0153.190] LocalFree (hMem=0x5d47c0) returned 0x0 [0153.193] RegQueryValueExW (in: hKey=0x664, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.193] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.193] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x1, lpData=0x0, lpcbData=0x19f238*=0x1e) returned 0x0 [0153.193] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x22141e8, lpcbData=0x19f238*=0x1e | out: lpType=0x19f23c*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f238*=0x1e) returned 0x0 [0153.221] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x1, lpData=0x0, lpcbData=0x19f238*=0x1c) returned 0x0 [0153.221] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f23c, lpData=0x2215668, lpcbData=0x19f238*=0x1c | out: lpType=0x19f23c*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f238*=0x1c) returned 0x0 [0153.226] RegCloseKey (hKey=0x664) returned 0x0 [0153.226] RegOpenKeyExW (in: hKey=0x674, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f21c | out: phkResult=0x19f21c*=0x664) returned 0x0 [0153.226] RegQueryValueExW (in: hKey=0x664, lpValueName="Email", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.226] RegQueryValueExW (in: hKey=0x664, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.226] RegQueryValueExW (in: hKey=0x664, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.226] RegQueryValueExW (in: hKey=0x664, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.226] RegQueryValueExW (in: hKey=0x664, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f23c, lpData=0x0, lpcbData=0x19f238*=0x0 | out: lpType=0x19f23c*=0x0, lpData=0x0, lpcbData=0x19f238*=0x0) returned 0x2 [0153.226] RegCloseKey (hKey=0x664) returned 0x0 [0153.247] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\Foxmail.url.mailto\\Shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2cc | out: phkResult=0x19f2cc*=0x0) returned 0x2 [0153.319] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.319] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.321] CoTaskMemFree (pv=0x5f3520) [0153.321] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0153.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0153.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.443] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.443] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.443] CoTaskMemFree (pv=0x5f3520) [0153.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.446] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.457] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.457] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.457] CoTaskMemFree (pv=0x5f3520) [0153.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0153.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.460] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0153.460] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.464] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.464] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.464] CoTaskMemFree (pv=0x5f3520) [0153.464] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.464] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0153.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0153.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.490] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.490] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.490] CoTaskMemFree (pv=0x5f3520) [0153.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.496] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.496] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.496] CoTaskMemFree (pv=0x5f3520) [0153.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0153.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0153.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.502] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.502] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.502] CoTaskMemFree (pv=0x5f3520) [0153.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0153.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.505] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0153.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.507] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.507] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.507] CoTaskMemFree (pv=0x5f3520) [0153.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0153.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0153.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.513] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.513] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.513] CoTaskMemFree (pv=0x5f3520) [0153.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.516] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.519] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.519] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.519] CoTaskMemFree (pv=0x5f3520) [0153.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.522] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.524] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.524] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.524] CoTaskMemFree (pv=0x5f3520) [0153.524] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.524] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.527] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.562] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.562] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.562] CoTaskMemFree (pv=0x5f3520) [0153.562] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.562] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.565] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0153.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.567] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.567] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.567] CoTaskMemFree (pv=0x5f3520) [0153.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.573] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.573] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.573] CoTaskMemFree (pv=0x5f3520) [0153.573] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.573] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0153.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.579] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.579] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.579] CoTaskMemFree (pv=0x5f3520) [0153.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0153.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.582] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0153.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.584] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.584] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.584] CoTaskMemFree (pv=0x5f3520) [0153.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0153.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0153.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.588] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.588] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.588] CoTaskMemFree (pv=0x5f3520) [0153.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.589] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.591] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.593] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.593] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.593] CoTaskMemFree (pv=0x5f3520) [0153.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0153.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0153.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.597] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.597] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.597] CoTaskMemFree (pv=0x5f3520) [0153.597] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0153.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.600] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0153.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.602] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.602] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.602] CoTaskMemFree (pv=0x5f3520) [0153.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.602] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0153.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.604] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0153.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.604] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.606] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.606] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.606] CoTaskMemFree (pv=0x5f3520) [0153.606] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0153.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.676] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0153.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.679] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.679] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.679] CoTaskMemFree (pv=0x5f3520) [0153.679] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.679] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0153.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0153.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.689] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.689] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.689] CoTaskMemFree (pv=0x5f3520) [0153.689] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.689] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0153.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0153.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.694] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.694] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.695] CoTaskMemFree (pv=0x5f3520) [0153.695] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.695] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.700] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.700] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.700] CoTaskMemFree (pv=0x5f3520) [0153.700] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.701] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0153.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.703] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0153.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.705] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.705] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.705] CoTaskMemFree (pv=0x5f3520) [0153.705] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.705] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.709] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.709] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5f3520 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.709] CoTaskMemFree (pv=0x5f3520) [0153.709] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.709] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0153.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.712] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0153.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.729] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", lpFilePart=0x0) returned 0x4c [0153.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f150) returned 1 [0153.729] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f1cc | out: lpFileInformation=0x19f1cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f14c) returned 1 [0153.729] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", nBufferLength=0x105, lpBuffer=0x19ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", lpFilePart=0x0) returned 0x42 [0153.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f150) returned 1 [0153.729] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera\\opera\\profile\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f1cc | out: lpFileInformation=0x19f1cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f14c) returned 1 [0153.730] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ec40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0153.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0a0) returned 1 [0153.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19f11c | out: lpFileInformation=0x19f11c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf895dd06, ftLastAccessTime.dwHighDateTime=0x1d7b06c, ftLastWriteTime.dwLowDateTime=0xf895dd06, ftLastWriteTime.dwHighDateTime=0x1d7b06c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f09c) returned 1 [0153.855] CoTaskMemAlloc (cb=0x20c) returned 0x5f3520 [0153.855] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5f3520, nSize=0x104 | out: lpBuffer="") returned 0x25 [0153.855] CoTaskMemFree (pv=0x5f3520) [0153.856] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0153.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0153.856] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0153.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d1c0) returned 1 [0153.900] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.900] GetEnvironmentVariableW (in: lpName="AppData", lpBuffer=0x5d5170, nSize=0x104 | out: lpBuffer="") returned 0x25 [0153.900] CoTaskMemFree (pv=0x5d5170) [0153.900] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", nBufferLength=0x105, lpBuffer=0x19eee8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", lpFilePart=0x0) returned 0x3a [0153.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f348) returned 1 [0153.900] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\.purple\\accounts.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f3c4 | out: lpFileInformation=0x19f3c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f344) returned 1 [0153.918] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.918] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.918] CoTaskMemFree (pv=0x5d5170) [0153.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.918] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x4e [0153.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0f0) returned 1 [0153.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao7\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f16c | out: lpFileInformation=0x19f16c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0ec) returned 1 [0153.950] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.950] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.950] CoTaskMemFree (pv=0x5d5170) [0153.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ec8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ec74, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0153.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f0d4) returned 1 [0153.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\avast software\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f150 | out: lpFileInformation=0x19f150*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f0d0) returned 1 [0153.954] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.955] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.955] CoTaskMemFree (pv=0x5d5170) [0153.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0153.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.962] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.962] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.962] CoTaskMemFree (pv=0x5d5170) [0153.962] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.962] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0153.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0153.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.979] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.979] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.980] CoTaskMemFree (pv=0x5d5170) [0153.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0153.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.983] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0153.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0153.993] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0153.993] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0153.993] CoTaskMemFree (pv=0x5d5170) [0153.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0153.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0153.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0153.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0153.997] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0153.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0153.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0153.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.005] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.005] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.005] CoTaskMemFree (pv=0x5d5170) [0154.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.008] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.022] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.022] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.022] CoTaskMemFree (pv=0x5d5170) [0154.022] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.022] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0154.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0154.025] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.028] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.028] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.028] CoTaskMemFree (pv=0x5d5170) [0154.028] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.028] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.028] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.038] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.038] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5d5170, nSize=0x104 | out: lpBuffer="") returned 0x25 [0154.038] CoTaskMemFree (pv=0x5d5170) [0154.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0154.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0154.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.052] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.052] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.052] CoTaskMemFree (pv=0x5d5170) [0154.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0154.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.056] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0154.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.059] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.059] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.060] CoTaskMemFree (pv=0x5d5170) [0154.060] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.060] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0154.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0154.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.064] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.064] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.065] CoTaskMemFree (pv=0x5d5170) [0154.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.069] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.069] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.069] CoTaskMemFree (pv=0x5d5170) [0154.069] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.069] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0154.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0154.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.074] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.074] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.074] CoTaskMemFree (pv=0x5d5170) [0154.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0154.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.077] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0154.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.079] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.079] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.079] CoTaskMemFree (pv=0x5d5170) [0154.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0154.079] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.082] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0154.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.084] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.084] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.084] CoTaskMemFree (pv=0x5d5170) [0154.084] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.084] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19ee24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0154.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0154.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0154.086] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0154.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f334) returned 1 [0154.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f3b0 | out: lpFileInformation=0x19f3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f330) returned 1 [0154.087] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.087] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.087] CoTaskMemFree (pv=0x5d5170) [0154.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ee98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.088] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0154.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f30c) returned 1 [0154.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f388 | out: lpFileInformation=0x19f388*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f308) returned 1 [0154.089] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19eeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0154.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f30c) returned 1 [0154.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f388 | out: lpFileInformation=0x19f388*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f308) returned 1 [0154.212] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19edb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0154.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2ac) returned 1 [0154.212] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0154.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d988) returned 1 [0154.366] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.366] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.367] CoTaskMemFree (pv=0x5d5170) [0154.367] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.368] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", lpFilePart=0x0) returned 0x3d [0154.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", lpFilePart=0x0) returned 0x3e [0154.369] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.386] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.386] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.386] CoTaskMemFree (pv=0x5d5170) [0154.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", lpFilePart=0x0) returned 0x44 [0154.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", lpFilePart=0x0) returned 0x45 [0154.386] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.404] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.404] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.404] CoTaskMemFree (pv=0x5d5170) [0154.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x3e [0154.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpFilePart=0x0) returned 0x3f [0154.404] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.420] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.420] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.420] CoTaskMemFree (pv=0x5d5170) [0154.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0154.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0154.420] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.438] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.438] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.438] CoTaskMemFree (pv=0x5d5170) [0154.438] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.438] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", lpFilePart=0x0) returned 0x40 [0154.438] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", lpFilePart=0x0) returned 0x41 [0154.438] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.489] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.489] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.489] CoTaskMemFree (pv=0x5d5170) [0154.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", lpFilePart=0x0) returned 0x3f [0154.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", lpFilePart=0x0) returned 0x40 [0154.490] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.506] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.506] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.506] CoTaskMemFree (pv=0x5d5170) [0154.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", lpFilePart=0x0) returned 0x44 [0154.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", lpFilePart=0x0) returned 0x45 [0154.506] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.536] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.536] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.536] CoTaskMemFree (pv=0x5d5170) [0154.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", lpFilePart=0x0) returned 0x4e [0154.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", lpFilePart=0x0) returned 0x4f [0154.537] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.552] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.552] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.552] CoTaskMemFree (pv=0x5d5170) [0154.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", lpFilePart=0x0) returned 0x37 [0154.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", lpFilePart=0x0) returned 0x38 [0154.552] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.571] CoTaskMemAlloc (cb=0x20c) returned 0x5d5170 [0154.571] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5170 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0154.572] CoTaskMemFree (pv=0x5d5170) [0154.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ede8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f354) returned 1 [0154.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", nBufferLength=0x105, lpBuffer=0x19ee5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", lpFilePart=0x0) returned 0x39 [0154.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19ee30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", lpFilePart=0x0) returned 0x3a [0154.572] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\*", lpFindFileData=0x19f07c | out: lpFindFileData=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0154.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f318) returned 1 [0154.650] GetComputerNameW (in: lpBuffer=0x19f0a8, nSize=0x19f320 | out: lpBuffer="XC64ZB", nSize=0x19f320) returned 1 [0154.682] SysStringLen (param_1="anonymous@\x02") returned 0x10 [0154.682] SystemFunction040 (in: Memory=0x5fc8f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5fc8f4) returned 0x0 [0154.685] SysStringLen (param_1="Light1988@") returned 0x10 [0154.685] SystemFunction040 (in: Memory=0x5fc1f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5fc1f4) returned 0x0 [0154.703] GetUserNameW (in: lpBuffer=0x19f0ac, pcbBuffer=0x19f324 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f324) returned 1 [0154.704] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f104*=0x3c0, lpdwindex=0x19ef24 | out: lpdwindex=0x19ef24) returned 0x80010115 [0154.705] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f0e4*=0x3b0, lpdwindex=0x19ef04 | out: lpdwindex=0x19ef04) returned 0x80010115 [0154.705] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f0e4*=0x3b8, lpdwindex=0x19ef04 | out: lpdwindex=0x19ef04) returned 0x80010115 [0154.705] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f138*=0x47c, lpdwindex=0x19ef54 | out: lpdwindex=0x19ef54) returned 0x80010115 [0154.705] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f138*=0x484, lpdwindex=0x19ef54 | out: lpdwindex=0x19ef54) returned 0x80010115 [0154.706] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f138*=0x48c, lpdwindex=0x19ef54 | out: lpdwindex=0x19ef54) returned 0x80010115 [0154.712] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x664 [0154.712] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x67c [0154.713] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x680 [0154.713] SetEvent (hEvent=0x450) returned 1 [0154.714] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19f0b0*=0x664, lpdwindex=0x19ef6c | out: lpdwindex=0x19ef6c) returned 0x0 [0154.716] ReleaseMutex (hMutex=0x680) returned 1 [0154.716] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x684 [0154.716] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x688 [0154.717] GetAddrInfoW (in: pNodeName="ftp.servicoscisi.shop", pServiceName=0x0, pHints=0x19f078*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f020 | out: ppResult=0x19f020*=0x5ee188*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ftp.servicoscisi.shop", ai_addr=0x5f3e90*(sa_family=2, sin_port=0x0, sin_addr="104.219.248.99"), ai_next=0x0)) returned 0 [0154.723] FreeAddrInfoW (pAddrInfo=0x5ee188*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ftp.servicoscisi.shop", ai_addr=0x5f3e90*(sa_family=2, sin_port=0x0, sin_addr="104.219.248.99"), ai_next=0x0)) [0154.723] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19efc0*=0x53c, lpdwindex=0x19eddc | out: lpdwindex=0x19eddc) returned 0x80010115 [0154.725] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19efc0*=0x544, lpdwindex=0x19eddc | out: lpdwindex=0x19eddc) returned 0x80010115 [0154.725] WSAConnect (in: s=0x684, name=0x225bfa8*(sa_family=2, sin_port=0x15, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0154.895] closesocket (s=0x688) returned 0 [0154.895] setsockopt (s=0x684, level=65535, optname=4101, optval="ç…\x01", optlen=4) returned 0 [0154.895] setsockopt (s=0x684, level=65535, optname=4102, optval="ç…\x01", optlen=4) returned 0 [0154.898] SysStringLen (param_1="pᩪ쫟ㄒᶠ欷읫爋뱼ꦿ獫皷ꪤМ᭧") returned 0x10 [0154.898] SystemFunction041 (in: Memory=0x5fc1f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5fc1f4) returned 0x0 [0154.899] SysStringLen (param_1="Light1988@") returned 0x10 [0154.899] SystemFunction040 (in: Memory=0x5fc1f4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x5fc1f4) returned 0x0 [0154.899] SysStringLen (param_1="Light1988@") returned 0xa [0154.899] SysStringLen (param_1="Light1988@") returned 0xa [0154.902] recv (in: s=0x684, buf=0x225c8a8, len=1024, flags=0 | out: buf=0x225c8a8*) returned 320 [0155.071] send (s=0x684, buf=0x225ddf8*, len=30, flags=0) returned 30 [0155.071] recv (in: s=0x684, buf=0x225dea0, len=1024, flags=0 | out: buf=0x225dea0*) returned 56 [0155.246] send (s=0x684, buf=0x225e534*, len=17, flags=0) returned 17 [0155.246] recv (in: s=0x684, buf=0x225e5d0, len=1024, flags=0 | out: buf=0x225e5d0*) returned 43 [0155.472] send (s=0x684, buf=0x225ec40*, len=14, flags=0) returned 14 [0155.473] recv (in: s=0x684, buf=0x225ecd8, len=1024, flags=0 | out: buf=0x225ecd8*) returned 21 [0155.665] send (s=0x684, buf=0x225f23c*, len=5, flags=0) returned 5 [0155.665] recv (in: s=0x684, buf=0x225f2cc, len=1024, flags=0 | out: buf=0x225f2cc*) returned 34 [0155.837] send (s=0x684, buf=0x225f894*, len=8, flags=0) returned 8 [0155.838] recv (in: s=0x684, buf=0x225f924, len=1024, flags=0 | out: buf=0x225f924*) returned 30 [0156.007] send (s=0x684, buf=0x225feb8*, len=6, flags=0) returned 6 [0156.008] recv (in: s=0x684, buf=0x225ff48, len=1024, flags=0 | out: buf=0x225ff48*) returned 50 [0156.182] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x688 [0156.183] getsockname (in: s=0x684, name=0x2260c50, namelen=0x2260c38 | out: name=0x2260c50*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2260c38) returned 0 [0156.185] bind (s=0x688, addr=0x2260e80*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0156.185] WSAConnect (in: s=0x688, name=0x2260f3c*(sa_family=2, sin_port=0x2f42, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0156.355] send (s=0x684, buf=0x2261008*, len=54, flags=0) returned 54 [0156.356] recv (in: s=0x684, buf=0x22610c8, len=1024, flags=0 | out: buf=0x22610c8*) returned 30 [0156.532] setsockopt (s=0x688, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0156.532] setsockopt (s=0x688, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0156.532] send (s=0x688, buf=0x225a69c*, len=364, flags=0) returned 364 [0156.533] shutdown (s=0x688, how=2) returned 0 [0156.533] closesocket (s=0x688) returned 0 [0156.534] recv (in: s=0x684, buf=0x2261750, len=1024, flags=0 | out: buf=0x2261750*) returned 94 [0156.716] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0164.767] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000 [0164.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f2bc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW©pƵ$ø «\x1bshö\x19", lpUsedDefaultChar=0x0) returned 14 [0164.768] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0 [0164.769] GetStockObject (i=5) returned 0x1900015 [0164.771] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0164.776] CoTaskMemAlloc (cb=0x5a) returned 0x5faca8 [0164.776] RegisterClassW (lpWndClass=0x19f2ac) returned 0xc1d9 [0164.777] CoTaskMemFree (pv=0x5faca8) [0164.777] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0164.777] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.ea7f4a_r35_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x602d2 [0164.785] SetWindowLongW (hWnd=0x602d2, nIndex=-4, dwNewLong=1999548128) returned 75499126 [0164.787] GetWindowLongW (hWnd=0x602d2, nIndex=-4) returned 1999548128 [0164.788] GetCurrentProcess () returned 0xffffffff [0164.789] GetCurrentThread () returned 0xfffffffe [0164.789] GetCurrentProcess () returned 0xffffffff [0164.789] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19eb88, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19eb88*=0x688) returned 1 [0164.794] GetCurrentThreadId () returned 0x127c [0164.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eb0c | out: phkResult=0x19eb0c*=0x66c) returned 0x0 [0164.796] RegQueryValueExW (in: hKey=0x66c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19eb2c, lpData=0x0, lpcbData=0x19eb28*=0x0 | out: lpType=0x19eb2c*=0x0, lpData=0x0, lpcbData=0x19eb28*=0x0) returned 0x2 [0164.796] RegQueryValueExW (in: hKey=0x66c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19eb2c, lpData=0x0, lpcbData=0x19eb28*=0x0 | out: lpType=0x19eb2c*=0x0, lpData=0x0, lpcbData=0x19eb28*=0x0) returned 0x2 [0164.796] RegCloseKey (hKey=0x66c) returned 0x0 [0164.798] SetWindowLongW (hWnd=0x602d2, nIndex=-4, dwNewLong=75499166) returned 1999548128 [0164.798] GetWindowLongW (hWnd=0x602d2, nIndex=-4) returned 75499166 [0164.798] GetWindowLongW (hWnd=0x602d2, nIndex=-16) returned 79691776 [0164.800] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x602d2, Msg=0x24, wParam=0x0, lParam=0x19ee24) returned 0x0 [0164.800] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d0 [0164.801] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x602d2, Msg=0x81, wParam=0x0, lParam=0x19ee18) returned 0x1 [0164.802] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x602d2, Msg=0x83, wParam=0x0, lParam=0x19ee04) returned 0x0 [0165.117] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x602d2, Msg=0x1, wParam=0x0, lParam=0x19ee18) returned 0x0 [0165.119] SetTimer (hWnd=0x602d2, nIDEvent=0x1, uElapse=0x64, lpTimerFunc=0x0) returned 0x1 [0165.122] GetWindowThreadProcessId (in: hWnd=0x602d2, lpdwProcessId=0x19f3ec | out: lpdwProcessId=0x19f3ec) returned 0x127c [0165.122] GetCurrentThreadId () returned 0x127c [0165.122] IsWindow (hWnd=0x602d2) returned 1 [0165.122] KillTimer (hWnd=0x602d2, uIDEvent=0x1) returned 1 [0165.122] SetTimer (hWnd=0x602d2, nIDEvent=0x2, uElapse=0xea60, lpTimerFunc=0x0) returned 0x2 [0174.218] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1d5 [0174.219] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d1 [0174.231] GetSystemMetrics (nIndex=75) returned 1 [0174.259] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0174.932] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x70600000 [0176.030] GetStockObject (i=5) returned 0x1900015 [0176.031] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0176.031] CoTaskMemAlloc (cb=0x5a) returned 0x5faaa0 [0176.032] RegisterClassW (lpWndClass=0x19f200) returned 0xc1d3 [0176.032] CoTaskMemFree (pv=0x5faaa0) [0176.032] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0176.032] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.ea7f4a_r35_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50272 [0176.034] SetWindowLongW (hWnd=0x50272, nIndex=-4, dwNewLong=1999548128) returned 75499206 [0176.035] GetWindowLongW (hWnd=0x50272, nIndex=-4) returned 1999548128 [0176.036] SetWindowLongW (hWnd=0x50272, nIndex=-4, dwNewLong=75499246) returned 1999548128 [0176.036] GetWindowLongW (hWnd=0x50272, nIndex=-4) returned 75499246 [0176.036] GetWindowLongW (hWnd=0x50272, nIndex=-16) returned 113311744 [0176.036] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1d4 [0176.036] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x50272, Msg=0x24, wParam=0x0, lParam=0x19ed74) returned 0x0 [0176.037] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x50272, Msg=0x81, wParam=0x0, lParam=0x19ed68) returned 0x1 [0176.038] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x50272, Msg=0x83, wParam=0x0, lParam=0x19ed54) returned 0x0 [0176.038] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x50272, Msg=0x1, wParam=0x0, lParam=0x19ed68) returned 0x0 [0176.039] GetClientRect (in: hWnd=0x50272, lpRect=0x19ea94 | out: lpRect=0x19ea94) returned 1 [0176.039] GetWindowRect (in: hWnd=0x50272, lpRect=0x19ea94 | out: lpRect=0x19ea94) returned 1 [0176.041] GetParent (hWnd=0x50272) returned 0x0 [0176.045] OleInitialize (pvReserved=0x0) returned 0x0 [0176.046] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f420 | out: lplpMessageFilter=0x19f420*=0x0) returned 0x0 [0176.047] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0176.048] IsWindowUnicode (hWnd=0x602d2) returned 1 [0176.048] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0176.049] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0176.050] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0176.097] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0176.100] SysStringLen (param_1="Light1988@cisi.s") returned 0x10 [0176.100] SystemFunction040 (in: Memory=0x6085cc, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6085cc) returned 0x0 [0176.101] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0176.103] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0176.104] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0176.104] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0176.105] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x0 [0176.105] GetCurrentProcess () returned 0xffffffff [0176.105] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edf8 | out: TokenHandle=0x19edf8*=0x698) returned 1 [0176.107] RegNotifyChangeKeyValue (hKey=0x478, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x47c, fAsynchronous=1) returned 0x0 [0176.108] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0176.108] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0176.109] GetCurrentProcess () returned 0xffffffff [0176.109] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edc4 | out: TokenHandle=0x19edc4*=0x69c) returned 1 [0176.109] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19edb8 | out: pProxyConfig=0x19edb8) returned 1 [0176.121] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x18690, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0176.121] setsockopt (s=0x684, level=65535, optname=4101, optval="\x8e\x86\x01", optlen=4) returned 0 [0176.122] setsockopt (s=0x684, level=65535, optname=4102, optval="\x8e\x86\x01", optlen=4) returned 0 [0176.123] send (s=0x684, buf=0x2266fb8*, len=6, flags=0) returned 6 [0176.124] recv (in: s=0x684, buf=0x2267048, len=1024, flags=0 | out: buf=0x2267048*) returned 50 [0176.295] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0176.296] getsockname (in: s=0x684, name=0x2267a88, namelen=0x2267a70 | out: name=0x2267a88*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2267a70) returned 0 [0176.296] bind (s=0x6a8, addr=0x2267c20*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0176.297] WSAConnect (in: s=0x6a8, name=0x2267cc0*(sa_family=2, sin_port=0x2f24, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0176.472] send (s=0x684, buf=0x2267d8c*, len=54, flags=0) returned 54 [0176.473] recv (in: s=0x684, buf=0x2267e4c, len=1024, flags=0 | out: buf=0x2267e4c*) returned 30 [0176.648] setsockopt (s=0x6a8, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0176.648] setsockopt (s=0x6a8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0176.648] send (s=0x6a8, buf=0x22668a0*, len=364, flags=0) returned 364 [0176.649] shutdown (s=0x6a8, how=2) returned 0 [0176.650] closesocket (s=0x6a8) returned 0 [0176.650] recv (in: s=0x684, buf=0x22684a4, len=1024, flags=0 | out: buf=0x22684a4*) returned 94 [0176.826] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0176.826] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0176.827] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0176.827] WaitMessage () returned 1 [0185.988] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0185.989] IsWindowUnicode (hWnd=0x602d2) returned 1 [0185.989] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0185.989] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0185.989] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0185.991] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0185.995] SysStringLen (param_1="Light1988@\x10") returned 0x10 [0185.995] SystemFunction040 (in: Memory=0x608674, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608674) returned 0x0 [0185.996] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0185.999] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0186.000] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0186.000] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0186.001] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0186.001] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0186.001] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0186.002] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1869e, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0186.003] setsockopt (s=0x684, level=65535, optname=4101, optval="\x9c\x86\x01", optlen=4) returned 0 [0186.003] setsockopt (s=0x684, level=65535, optname=4102, optval="\x9c\x86\x01", optlen=4) returned 0 [0186.003] send (s=0x684, buf=0x226b1cc*, len=6, flags=0) returned 6 [0186.010] recv (in: s=0x684, buf=0x226b25c, len=1024, flags=0 | out: buf=0x226b25c*) returned 49 [0186.196] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0186.197] getsockname (in: s=0x684, name=0x226bc88, namelen=0x226bc70 | out: name=0x226bc88*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x226bc70) returned 0 [0186.198] bind (s=0x6a8, addr=0x226be20*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0186.198] WSAConnect (in: s=0x6a8, name=0x226bec0*(sa_family=2, sin_port=0x2f09, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0186.371] send (s=0x684, buf=0x226bf8c*, len=54, flags=0) returned 54 [0186.371] recv (in: s=0x684, buf=0x226c04c, len=1024, flags=0 | out: buf=0x226c04c*) returned 30 [0186.545] setsockopt (s=0x6a8, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0186.545] setsockopt (s=0x6a8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0186.545] send (s=0x6a8, buf=0x226ac00*, len=364, flags=0) returned 364 [0186.545] shutdown (s=0x6a8, how=2) returned 0 [0186.546] closesocket (s=0x6a8) returned 0 [0186.546] recv (in: s=0x684, buf=0x226c6a4, len=1024, flags=0 | out: buf=0x226c6a4*) returned 94 [0186.718] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0186.718] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0186.718] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0186.718] WaitMessage () returned 1 [0196.006] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0196.007] IsWindowUnicode (hWnd=0x602d2) returned 1 [0196.007] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0196.007] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0196.007] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0196.008] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0196.014] SysStringLen (param_1="Light1988@cisi.s") returned 0x10 [0196.014] SystemFunction040 (in: Memory=0x60878c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x60878c) returned 0x0 [0196.015] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0196.018] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0196.019] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0196.019] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x0 [0196.019] WSAIoctl (in: s=0x3b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0) returned -1 [0196.020] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eb4c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0196.021] WSAEventSelect (s=0x3b4, hEventObject=0x3b8, lNetworkEvents=512) returned 0 [0196.021] CoTaskMemAlloc (cb=0xcc0) returned 0x5dbfb8 [0196.022] RasEnumConnectionsW (in: param_1=0x5dbfb8, param_2=0x19ee48, param_3=0x19ee4c | out: param_1=0x5dbfb8, param_2=0x19ee48, param_3=0x19ee4c) returned 0x0 [0196.029] CoTaskMemFree (pv=0x5dbfb8) [0196.030] GetCurrentProcess () returned 0xffffffff [0196.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edc4 | out: TokenHandle=0x19edc4*=0x2cc) returned 1 [0196.031] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19edb8 | out: pProxyConfig=0x19edb8) returned 1 [0196.053] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0196.054] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0196.054] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0196.055] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x18674, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0196.055] setsockopt (s=0x684, level=65535, optname=4101, optval="t\x86\x01", optlen=4) returned 0 [0196.056] setsockopt (s=0x684, level=65535, optname=4102, optval="t\x86\x01", optlen=4) returned 0 [0196.056] send (s=0x684, buf=0x226f9f8*, len=6, flags=0) returned 6 [0196.059] recv (in: s=0x684, buf=0x226fa88, len=1024, flags=0 | out: buf=0x226fa88*) returned 51 [0196.243] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x68c [0196.244] getsockname (in: s=0x684, name=0x22704d4, namelen=0x22704bc | out: name=0x22704d4*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x22704bc) returned 0 [0196.244] bind (s=0x68c, addr=0x227066c*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0196.245] WSAConnect (in: s=0x68c, name=0x227070c*(sa_family=2, sin_port=0x2eff, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0196.419] send (s=0x684, buf=0x22707d8*, len=54, flags=0) returned 54 [0196.419] recv (in: s=0x684, buf=0x2270898, len=1024, flags=0 | out: buf=0x2270898*) returned 30 [0196.597] setsockopt (s=0x68c, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0196.597] setsockopt (s=0x68c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0196.597] send (s=0x68c, buf=0x226edf4*, len=364, flags=0) returned 364 [0196.597] shutdown (s=0x68c, how=2) returned 0 [0196.598] closesocket (s=0x68c) returned 0 [0196.598] recv (in: s=0x684, buf=0x2270ef0, len=1024, flags=0 | out: buf=0x2270ef0*) returned 94 [0196.783] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0196.783] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0196.783] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0196.783] WaitMessage () returned 1 [0206.005] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0206.005] IsWindowUnicode (hWnd=0x602d2) returned 1 [0206.005] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0206.006] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0206.006] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0206.007] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0206.015] SysStringLen (param_1="Light1988@eTraci") returned 0x10 [0206.016] SystemFunction040 (in: Memory=0x608a64, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608a64) returned 0x0 [0206.017] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0206.020] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0206.021] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0206.022] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0206.023] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0206.024] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0206.025] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0206.026] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1869a, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0206.027] setsockopt (s=0x684, level=65535, optname=4101, optval="\x99\x86\x01", optlen=4) returned 0 [0206.028] setsockopt (s=0x684, level=65535, optname=4102, optval="\x99\x86\x01", optlen=4) returned 0 [0206.029] send (s=0x684, buf=0x2273c68*, len=6, flags=0) returned 6 [0206.032] recv (in: s=0x684, buf=0x2273cf8, len=1024, flags=0 | out: buf=0x2273cf8*) returned 50 [0206.212] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x68c [0206.213] getsockname (in: s=0x684, name=0x2274738, namelen=0x2274720 | out: name=0x2274738*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2274720) returned 0 [0206.214] bind (s=0x68c, addr=0x22748d0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0206.215] WSAConnect (in: s=0x68c, name=0x2274970*(sa_family=2, sin_port=0x2f43, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0206.388] send (s=0x684, buf=0x2274a3c*, len=54, flags=0) returned 54 [0206.389] recv (in: s=0x684, buf=0x2274afc, len=1024, flags=0 | out: buf=0x2274afc*) returned 30 [0206.597] setsockopt (s=0x68c, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0206.597] setsockopt (s=0x68c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0206.597] send (s=0x68c, buf=0x227369c*, len=364, flags=0) returned 364 [0206.599] shutdown (s=0x68c, how=2) returned 0 [0206.600] closesocket (s=0x68c) returned 0 [0206.600] recv (in: s=0x684, buf=0x2275154, len=1024, flags=0 | out: buf=0x2275154*) returned 94 [0206.773] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0206.774] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0206.774] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0206.774] WaitMessage () returned 1 [0216.007] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0216.007] IsWindowUnicode (hWnd=0x602d2) returned 1 [0216.007] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0216.007] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0216.007] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0216.008] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0216.011] SysStringLen (param_1="Light1988@ǁ") returned 0x10 [0216.011] SystemFunction040 (in: Memory=0x60894c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x60894c) returned 0x0 [0216.011] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0216.013] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0216.014] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0216.014] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0216.014] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0216.014] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0216.015] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0216.015] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0216.015] setsockopt (s=0x684, level=65535, optname=4101, optval=" \x86\x01", optlen=4) returned 0 [0216.016] setsockopt (s=0x684, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0216.016] send (s=0x684, buf=0x2277e70*, len=6, flags=0) returned 6 [0216.017] recv (in: s=0x684, buf=0x2277f00, len=1024, flags=0 | out: buf=0x2277f00*) returned 50 [0216.188] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x68c [0216.189] getsockname (in: s=0x684, name=0x2278940, namelen=0x2278928 | out: name=0x2278940*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2278928) returned 0 [0216.189] bind (s=0x68c, addr=0x2278ad8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0216.189] WSAConnect (in: s=0x68c, name=0x2278b78*(sa_family=2, sin_port=0x2f0d, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0216.364] send (s=0x684, buf=0x2278c44*, len=54, flags=0) returned 54 [0216.364] recv (in: s=0x684, buf=0x2278d04, len=1024, flags=0 | out: buf=0x2278d04*) returned 30 [0216.535] setsockopt (s=0x68c, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0216.535] setsockopt (s=0x68c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0216.535] send (s=0x68c, buf=0x22778a4*, len=364, flags=0) returned 364 [0216.535] shutdown (s=0x68c, how=2) returned 0 [0216.536] closesocket (s=0x68c) returned 0 [0216.536] recv (in: s=0x684, buf=0x227935c, len=1024, flags=0 | out: buf=0x227935c*) returned 94 [0216.713] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0216.713] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0216.713] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0216.713] WaitMessage () returned 1 [0226.024] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0226.024] IsWindowUnicode (hWnd=0x602d2) returned 1 [0226.024] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0226.024] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0226.024] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0226.025] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0226.028] SysStringLen (param_1="Light1988@\x10") returned 0x10 [0226.028] SystemFunction040 (in: Memory=0x60847c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x60847c) returned 0x0 [0226.029] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0226.030] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0226.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0226.046] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x0 [0226.046] WSAIoctl (in: s=0x3b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0) returned -1 [0226.046] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eb4c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0226.047] WSAEventSelect (s=0x3b4, hEventObject=0x3b8, lNetworkEvents=512) returned 0 [0226.047] CoTaskMemAlloc (cb=0xcc0) returned 0x5e49c0 [0226.048] RasEnumConnectionsW (in: param_1=0x5e49c0, param_2=0x19ee48, param_3=0x19ee4c | out: param_1=0x5e49c0, param_2=0x19ee48, param_3=0x19ee4c) returned 0x0 [0226.052] CoTaskMemFree (pv=0x5e49c0) [0226.052] GetCurrentProcess () returned 0xffffffff [0226.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edc4 | out: TokenHandle=0x19edc4*=0x68c) returned 1 [0226.053] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19edb8 | out: pProxyConfig=0x19edb8) returned 1 [0226.065] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0226.065] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0226.065] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0226.066] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x18681, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0226.066] setsockopt (s=0x684, level=65535, optname=4101, optval="\x81\x86\x01", optlen=4) returned 0 [0226.067] setsockopt (s=0x684, level=65535, optname=4102, optval="\x81\x86\x01", optlen=4) returned 0 [0226.067] send (s=0x684, buf=0x227c6b0*, len=6, flags=0) returned 6 [0226.070] recv (in: s=0x684, buf=0x227c740, len=1024, flags=0 | out: buf=0x227c740*) returned 50 [0226.239] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0226.240] getsockname (in: s=0x684, name=0x227d180, namelen=0x227d168 | out: name=0x227d180*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x227d168) returned 0 [0226.240] bind (s=0x6a8, addr=0x227d318*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0226.240] WSAConnect (in: s=0x6a8, name=0x227d3b8*(sa_family=2, sin_port=0x2f3f, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0226.427] send (s=0x684, buf=0x227d484*, len=54, flags=0) returned 54 [0226.427] recv (in: s=0x684, buf=0x227d544, len=1024, flags=0 | out: buf=0x227d544*) returned 30 [0226.601] setsockopt (s=0x6a8, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0226.601] setsockopt (s=0x6a8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0226.601] send (s=0x6a8, buf=0x227baac*, len=364, flags=0) returned 364 [0226.601] shutdown (s=0x6a8, how=2) returned 0 [0226.602] closesocket (s=0x6a8) returned 0 [0226.602] recv (in: s=0x684, buf=0x227db9c, len=1024, flags=0 | out: buf=0x227db9c*) returned 94 [0226.777] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0226.777] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0226.777] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0226.777] WaitMessage () returned 1 [0236.031] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0236.031] IsWindowUnicode (hWnd=0x602d2) returned 1 [0236.031] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0236.032] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0236.032] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0236.034] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0236.040] SysStringLen (param_1="Light1988@") returned 0x10 [0236.040] SystemFunction040 (in: Memory=0x608604, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608604) returned 0x0 [0236.041] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0236.044] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0236.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0236.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0236.046] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0236.046] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0236.046] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0236.047] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0236.048] setsockopt (s=0x684, level=65535, optname=4101, optval=" \x86\x01", optlen=4) returned 0 [0236.048] setsockopt (s=0x684, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0236.049] send (s=0x684, buf=0x22808b8*, len=6, flags=0) returned 6 [0236.051] recv (in: s=0x684, buf=0x2280948, len=1024, flags=0 | out: buf=0x2280948*) returned 50 [0236.225] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0236.227] getsockname (in: s=0x684, name=0x2281388, namelen=0x2281370 | out: name=0x2281388*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2281370) returned 0 [0236.227] bind (s=0x6a8, addr=0x2281520*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0236.228] WSAConnect (in: s=0x6a8, name=0x22815c0*(sa_family=2, sin_port=0x2f4c, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0236.401] send (s=0x684, buf=0x228168c*, len=54, flags=0) returned 54 [0236.401] recv (in: s=0x684, buf=0x228174c, len=1024, flags=0 | out: buf=0x228174c*) returned 30 [0236.572] setsockopt (s=0x6a8, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0236.572] setsockopt (s=0x6a8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0236.572] send (s=0x6a8, buf=0x22802ec*, len=364, flags=0) returned 364 [0236.573] shutdown (s=0x6a8, how=2) returned 0 [0236.573] closesocket (s=0x6a8) returned 0 [0236.574] recv (in: s=0x684, buf=0x2281da4, len=1024, flags=0 | out: buf=0x2281da4*) returned 94 [0236.749] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0236.749] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0236.749] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0236.749] WaitMessage () returned 1 [0246.035] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0246.036] IsWindowUnicode (hWnd=0x602d2) returned 1 [0246.036] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0246.036] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0246.036] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0246.038] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0246.044] SysStringLen (param_1="Light1988@\x10") returned 0x10 [0246.044] SystemFunction040 (in: Memory=0x60886c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x60886c) returned 0x0 [0246.044] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0246.047] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0246.048] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0246.049] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0246.049] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0246.049] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0246.050] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0246.050] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1869d, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0246.051] setsockopt (s=0x684, level=65535, optname=4101, optval="\x9c\x86\x01", optlen=4) returned 0 [0246.051] setsockopt (s=0x684, level=65535, optname=4102, optval="\x9c\x86\x01", optlen=4) returned 0 [0246.052] send (s=0x684, buf=0x2284ac0*, len=6, flags=0) returned 6 [0246.054] recv (in: s=0x684, buf=0x2284b50, len=1024, flags=0 | out: buf=0x2284b50*) returned 50 [0246.225] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0246.226] getsockname (in: s=0x684, name=0x2285590, namelen=0x2285578 | out: name=0x2285590*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2285578) returned 0 [0246.226] bind (s=0x6a8, addr=0x2285728*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0246.227] WSAConnect (in: s=0x6a8, name=0x22857c8*(sa_family=2, sin_port=0x2f43, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0246.399] send (s=0x684, buf=0x2285894*, len=54, flags=0) returned 54 [0246.400] recv (in: s=0x684, buf=0x2285954, len=1024, flags=0 | out: buf=0x2285954*) returned 30 [0246.571] setsockopt (s=0x6a8, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0246.572] setsockopt (s=0x6a8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0246.572] send (s=0x6a8, buf=0x22844f4*, len=364, flags=0) returned 364 [0246.572] shutdown (s=0x6a8, how=2) returned 0 [0246.573] closesocket (s=0x6a8) returned 0 [0246.573] recv (in: s=0x684, buf=0x2285fac, len=1024, flags=0 | out: buf=0x2285fac*) returned 94 [0246.748] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0246.748] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0246.748] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0246.748] WaitMessage () returned 1 [0256.049] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0256.050] IsWindowUnicode (hWnd=0x602d2) returned 1 [0256.050] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0256.050] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0256.050] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0256.052] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0256.058] SysStringLen (param_1="Light1988@") returned 0x10 [0256.058] SystemFunction040 (in: Memory=0x609004, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x609004) returned 0x0 [0256.059] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0256.060] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0256.061] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0256.061] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0256.061] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0256.061] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0256.062] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0256.062] SetEvent (hEvent=0x450) returned 1 [0256.062] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0256.063] setsockopt (s=0x684, level=65535, optname=4101, optval=" \x86\x01", optlen=4) returned 0 [0256.063] setsockopt (s=0x684, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0256.064] send (s=0x684, buf=0x228937c*, len=6, flags=0) returned 6 [0256.065] recv (in: s=0x684, buf=0x228940c, len=1024, flags=0 | out: buf=0x228940c*) returned 50 [0256.239] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x578 [0256.240] getsockname (in: s=0x684, name=0x2289e60, namelen=0x2289e48 | out: name=0x2289e60*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2289e48) returned 0 [0256.240] bind (s=0x578, addr=0x2289ff8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0256.241] WSAConnect (in: s=0x578, name=0x228a098*(sa_family=2, sin_port=0x2f4e, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0256.422] send (s=0x684, buf=0x228a164*, len=54, flags=0) returned 54 [0256.423] recv (in: s=0x684, buf=0x228a224, len=1024, flags=0 | out: buf=0x228a224*) returned 30 [0256.597] setsockopt (s=0x578, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0256.597] setsockopt (s=0x578, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0256.597] send (s=0x578, buf=0x2288b68*, len=364, flags=0) returned 364 [0256.598] shutdown (s=0x578, how=2) returned 0 [0256.598] closesocket (s=0x578) returned 0 [0256.599] recv (in: s=0x684, buf=0x228a87c, len=1024, flags=0 | out: buf=0x228a87c*) returned 94 [0256.770] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0256.770] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0256.770] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0256.770] WaitMessage () returned 1 [0266.061] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0266.062] IsWindowUnicode (hWnd=0x602d2) returned 1 [0266.062] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0266.062] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0266.062] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0266.064] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0266.070] SysStringLen (param_1="Light1988@") returned 0x10 [0266.070] SystemFunction040 (in: Memory=0x609074, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x609074) returned 0x0 [0266.071] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0266.074] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0266.074] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0266.074] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x0 [0266.075] WSAIoctl (in: s=0x3b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ee1c, lpOverlapped=0x0) returned -1 [0266.075] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eb4c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0266.076] WSAEventSelect (s=0x3b4, hEventObject=0x3b8, lNetworkEvents=512) returned 0 [0266.076] CoTaskMemAlloc (cb=0xcc0) returned 0x5ebc78 [0266.077] RasEnumConnectionsW (in: param_1=0x5ebc78, param_2=0x19ee48, param_3=0x19ee4c | out: param_1=0x5ebc78, param_2=0x19ee48, param_3=0x19ee4c) returned 0x0 [0266.080] CoTaskMemFree (pv=0x5ebc78) [0266.081] GetCurrentProcess () returned 0xffffffff [0266.081] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19edc4 | out: TokenHandle=0x19edc4*=0x578) returned 1 [0266.082] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19edb8 | out: pProxyConfig=0x19edb8) returned 1 [0266.093] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0266.094] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0266.094] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0266.095] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1867e, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0266.095] setsockopt (s=0x684, level=65535, optname=4101, optval="~\x86\x01", optlen=4) returned 0 [0266.095] setsockopt (s=0x684, level=65535, optname=4102, optval="~\x86\x01", optlen=4) returned 0 [0266.096] send (s=0x684, buf=0x228dbd0*, len=6, flags=0) returned 6 [0266.097] recv (in: s=0x684, buf=0x228dc60, len=1024, flags=0 | out: buf=0x228dc60*) returned 50 [0266.272] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6b4 [0266.273] getsockname (in: s=0x684, name=0x228e6a0, namelen=0x228e688 | out: name=0x228e6a0*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x228e688) returned 0 [0266.273] bind (s=0x6b4, addr=0x228e838*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0266.273] WSAConnect (in: s=0x6b4, name=0x228e8d8*(sa_family=2, sin_port=0x2f1b, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0266.444] send (s=0x684, buf=0x228e9a4*, len=54, flags=0) returned 54 [0266.444] recv (in: s=0x684, buf=0x228ea64, len=1024, flags=0 | out: buf=0x228ea64*) returned 30 [0266.619] setsockopt (s=0x6b4, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0266.619] setsockopt (s=0x6b4, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0266.620] send (s=0x6b4, buf=0x228cfcc*, len=364, flags=0) returned 364 [0266.621] shutdown (s=0x6b4, how=2) returned 0 [0266.622] closesocket (s=0x6b4) returned 0 [0266.622] recv (in: s=0x684, buf=0x228f0bc, len=1024, flags=0 | out: buf=0x228f0bc*) returned 94 [0266.797] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0266.798] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0266.798] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0266.798] WaitMessage () returned 1 [0276.059] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0276.059] IsWindowUnicode (hWnd=0x602d2) returned 1 [0276.059] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0276.059] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0276.059] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0276.061] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0276.065] SysStringLen (param_1="Light1988@\x01") returned 0x10 [0276.065] SystemFunction040 (in: Memory=0x608c84, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608c84) returned 0x0 [0276.065] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0276.067] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0276.067] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0276.068] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0276.068] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0276.068] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0276.069] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0276.069] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0276.070] setsockopt (s=0x684, level=65535, optname=4101, optval=" \x86\x01", optlen=4) returned 0 [0276.070] setsockopt (s=0x684, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0276.071] send (s=0x684, buf=0x2291dd8*, len=6, flags=0) returned 6 [0276.073] recv (in: s=0x684, buf=0x2291e68, len=1024, flags=0 | out: buf=0x2291e68*) returned 50 [0276.278] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0276.279] getsockname (in: s=0x684, name=0x22928a8, namelen=0x2292890 | out: name=0x22928a8*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2292890) returned 0 [0276.279] bind (s=0x4bc, addr=0x2292a40*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0276.280] WSAConnect (in: s=0x4bc, name=0x2292ae0*(sa_family=2, sin_port=0x2f4e, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0276.457] send (s=0x684, buf=0x2292bac*, len=54, flags=0) returned 54 [0276.458] recv (in: s=0x684, buf=0x2292c6c, len=1024, flags=0 | out: buf=0x2292c6c*) returned 30 [0276.632] setsockopt (s=0x4bc, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0276.632] setsockopt (s=0x4bc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0276.632] send (s=0x4bc, buf=0x229180c*, len=364, flags=0) returned 364 [0276.633] shutdown (s=0x4bc, how=2) returned 0 [0276.633] closesocket (s=0x4bc) returned 0 [0276.635] recv (in: s=0x684, buf=0x22932c4, len=1024, flags=0 | out: buf=0x22932c4*) returned 94 [0276.817] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0276.817] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0276.817] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0276.817] WaitMessage () returned 1 [0286.053] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0286.054] IsWindowUnicode (hWnd=0x602d2) returned 1 [0286.054] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0286.054] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0286.054] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0286.057] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0286.063] SysStringLen (param_1="Light1988@") returned 0x10 [0286.063] SystemFunction040 (in: Memory=0x608cbc, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608cbc) returned 0x0 [0286.063] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0286.065] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0286.066] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0286.066] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0286.066] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0286.066] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0286.067] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0286.067] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x18691, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0286.068] setsockopt (s=0x684, level=65535, optname=4101, optval="\x91\x86\x01", optlen=4) returned 0 [0286.068] setsockopt (s=0x684, level=65535, optname=4102, optval="\x91\x86\x01", optlen=4) returned 0 [0286.069] send (s=0x684, buf=0x2295fe0*, len=6, flags=0) returned 6 [0286.069] recv (in: s=0x684, buf=0x2296070, len=1024, flags=0 | out: buf=0x2296070*) returned 50 [0286.249] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0286.250] getsockname (in: s=0x684, name=0x2296ab0, namelen=0x2296a98 | out: name=0x2296ab0*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x2296a98) returned 0 [0286.250] bind (s=0x4bc, addr=0x2296c48*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0286.251] WSAConnect (in: s=0x4bc, name=0x2296ce8*(sa_family=2, sin_port=0x2f40, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0286.428] send (s=0x684, buf=0x2296db4*, len=54, flags=0) returned 54 [0286.429] recv (in: s=0x684, buf=0x2296e74, len=1024, flags=0 | out: buf=0x2296e74*) returned 30 [0286.601] setsockopt (s=0x4bc, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0286.601] setsockopt (s=0x4bc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0286.601] send (s=0x4bc, buf=0x2295a14*, len=364, flags=0) returned 364 [0286.601] shutdown (s=0x4bc, how=2) returned 0 [0286.602] closesocket (s=0x4bc) returned 0 [0286.602] recv (in: s=0x684, buf=0x22974cc, len=1024, flags=0 | out: buf=0x22974cc*) returned 94 [0286.774] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0286.775] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0286.775] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0286.775] WaitMessage () returned 1 [0296.071] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 1 [0296.072] IsWindowUnicode (hWnd=0x602d2) returned 1 [0296.072] GetMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f3f4) returned 1 [0296.073] TranslateMessage (lpMsg=0x19f3f4) returned 0 [0296.073] DispatchMessageW (lpMsg=0x19f3f4) returned 0x0 [0296.073] GetComputerNameW (in: lpBuffer=0x19ed84, nSize=0x19effc | out: lpBuffer="XC64ZB", nSize=0x19effc) returned 1 [0296.075] SysStringLen (param_1="Light1988@㡡") returned 0x10 [0296.075] SystemFunction040 (in: Memory=0x608cf4, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x608cf4) returned 0x0 [0296.076] GetUserNameW (in: lpBuffer=0x19ed88, pcbBuffer=0x19f000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f000) returned 1 [0296.079] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ede0*=0x3c0, lpdwindex=0x19ebfc | out: lpdwindex=0x19ebfc) returned 0x80010115 [0296.079] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b0, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0296.080] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19edc0*=0x3b8, lpdwindex=0x19ebdc | out: lpdwindex=0x19ebdc) returned 0x80010115 [0296.080] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x47c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0296.080] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x484, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0296.080] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19ee14*=0x48c, lpdwindex=0x19ec34 | out: lpdwindex=0x19ec34) returned 0x80010115 [0296.081] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x19ed90*=0x664, lpdwindex=0x19ec4c | out: lpdwindex=0x19ec4c) returned 0x0 [0296.081] setsockopt (s=0x684, level=65535, optname=4101, optval=" \x86\x01", optlen=4) returned 0 [0296.081] setsockopt (s=0x684, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.082] send (s=0x684, buf=0x229a1e8*, len=6, flags=0) returned 6 [0296.083] recv (in: s=0x684, buf=0x229a278, len=1024, flags=0 | out: buf=0x229a278*) returned 49 [0296.254] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0296.255] getsockname (in: s=0x684, name=0x229aca4, namelen=0x229ac8c | out: name=0x229aca4*(sa_family=2, sin_port=0xc22e, sin_addr="192.168.0.32"), namelen=0x229ac8c) returned 0 [0296.256] bind (s=0x4bc, addr=0x229ae3c*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.32"), namelen=16) returned 0 [0296.256] WSAConnect (in: s=0x4bc, name=0x229aedc*(sa_family=2, sin_port=0x2f04, sin_addr="104.219.248.99"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.428] send (s=0x684, buf=0x229afa8*, len=54, flags=0) returned 54 [0296.428] recv (in: s=0x684, buf=0x229b068, len=1024, flags=0 | out: buf=0x229b068*) returned 30 [0296.601] setsockopt (s=0x4bc, level=65535, optname=4101, optval="à\x93\x04", optlen=4) returned 0 [0296.601] setsockopt (s=0x4bc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.601] send (s=0x4bc, buf=0x2299c1c*, len=364, flags=0) returned 364 [0296.602] shutdown (s=0x4bc, how=2) returned 0 [0296.602] closesocket (s=0x4bc) returned 0 [0296.602] recv (in: s=0x684, buf=0x229b6c0, len=1024, flags=0 | out: buf=0x229b6c0*) returned 94 [0296.778] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0296.779] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0296.779] PeekMessageW (in: lpMsg=0x19f3f4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f3f4) returned 0 [0296.779] WaitMessage () Thread: id = 16 os_tid = 0x12dc Thread: id = 17 os_tid = 0x930 Thread: id = 18 os_tid = 0xd58 [0137.091] CoGetContextToken (in: pToken=0x425fc3c | out: pToken=0x425fc3c) returned 0x800401f0 [0137.091] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0137.091] RoInitialize () returned 0x1 [0137.091] RoUninitialize () returned 0x0 Thread: id = 19 os_tid = 0x12ec Thread: id = 20 os_tid = 0x12e8 Thread: id = 21 os_tid = 0xba4 Thread: id = 22 os_tid = 0x490 Thread: id = 23 os_tid = 0x1050 [0146.538] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0146.538] RoInitialize () returned 0x1 [0146.538] RoUninitialize () returned 0x0 [0146.540] ResetEvent (hEvent=0x450) returned 1 [0204.719] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0204.719] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0204.719] SetEvent (hEvent=0x450) returned 1 [0249.110] shutdown (s=0x52c, how=2) returned 0 [0249.115] setsockopt (s=0x52c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0249.115] closesocket (s=0x52c) returned 0 [0252.855] QueryContextAttributesW (in: phContext=0x21f0f64, ulAttribute=0x1a, pBuffer=0x4eef750 | out: pBuffer=0x4eef750) returned 0x0 [0252.901] DeleteSecurityContext (phContext=0x21f0f64) returned 0x0 [0252.910] shutdown (s=0x578, how=2) returned 0 [0252.912] setsockopt (s=0x578, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0252.912] closesocket (s=0x578) returned 0 [0254.727] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0254.727] ReleaseSemaphore (in: hSemaphore=0x664, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0254.728] SetEvent (hEvent=0x450) returned 1 Thread: id = 24 os_tid = 0x66c